Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Why is my pfSense firewall SSHD and Web GUI accessible from the public IP?

    General pfSense Questions
    3
    4
    500
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      Teo En Ming
      last edited by

      Good morning pfSense firewall appliance users,

      I have just installed pfSense firewall on my old (Intel Pentium Dual Core E6300 2.8 GHz + Intel Desktop Board DQ45CB motherboard + 6 GB DDR2-800 memory machine) in the early afternoon of 13th January 2018 Saturday. Straight after installing pfSense firewall, I proceeded to run the Setup Wizard and install Snort Intrusion Detection and Prevention System. Then I went out of my house for many hours. When I came back home after midnight on 14 January 2018 Sunday, I carried out some rudimentary research on pfSense firewall's ability to mitigate ransomware.

      I came across a pfsense forum topic entitled "Ransomware infected pfSense". Johnpoz suggested that ssh and web gui might be open to the public in that thread. So I went to check my pfsense firewall sshd and web gui. I was shocked and surprised to find that I could access the pfSense firewall sshd and web gui from my public IP.

      I thought pfSense firewall is supposed to block all incoming connections by default from the WAN side?

      Please advise.

      Thank you.

      Mr. Turritopsis Dohrnii Teo En Ming
      Singapore

      1 Reply Last reply Reply Quote 0
      • pttP
        ptt Rebel Alliance
        last edited by

        https://forum.pfsense.org/index.php?action=post;quote=776593;topic=142387.0;last_msg=777760

        https://forum.pfsense.org/index.php?action=post;quote=772384;topic=141500.0;last_msg=772384

        See it all the time - pretty much every single thread that says pfsense is open from the wan to the gui is them hitting it from the lan side ;)

        Out of the box there are no rules on the wan - all unsolicited traffic to your wan IP from the wan side (internet) would be dropped..  So you hitting your web gui from the internet is you either opened up the firewall, or are hitting it from inside.  Or you you turned of firewall completely, etc.

        1 Reply Last reply Reply Quote 0
        • T
          Teo En Ming
          last edited by

          @ptt:

          https://forum.pfsense.org/index.php?action=post;quote=776593;topic=142387.0;last_msg=777760

          https://forum.pfsense.org/index.php?action=post;quote=772384;topic=141500.0;last_msg=772384

          See it all the time - pretty much every single thread that says pfsense is open from the wan to the gui is them hitting it from the lan side ;)

          Out of the box there are no rules on the wan - all unsolicited traffic to your wan IP from the wan side (internet) would be dropped..  So you hitting your web gui from the internet is you either opened up the firewall, or are hitting it from inside.  Or you you turned of firewall completely, etc.

          Sorry for the late reply. I was very busy the last few days.

          Yes, I am accessing pfSense firewall sshd and web gui public IP from the LAN side.

          I don't have time to read the above links yet.

          Thank you.

          1 Reply Last reply Reply Quote 0
          • F
            fragged
            last edited by

            @Teo:

            Yes, I am accessing pfSense firewall sshd and web gui public IP from the LAN side.

            And you have answered your own question.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.