Netgate Discussion Forum

    Disable WebGUI access from selective LANs

      PM_13

      Hi,

      If I have multiple LANs and want to disable WebGUI access from one of the LANs, which may be running a subnet for IoT devices or guest WiFi, is there a way to do it?

      I checked the documentation and the options within the GUI under System (and ==> Advanced) but did not see any setting to this effect.

      Thanks.

        Gertjan @PM_13

        @pm_13 :

        It's the other way around: under System > Advanced > Admin Access you can enable - or disable - a rule that will be placed on top of the rule list and that enables access to the GUI.
        The default LAN rule is a pass-all rule, so access to the web GUI is possible, as this rule accepts all traffic.

        On other LAN-type interfaces, there will be no rules at all when you create (assign) these interfaces. The default hidden rule is: block everything.
        So, nothing comes in, which means: no Internet access, no GUI access, nothing.
        It's up to you to create a rule like:

        [image: firewall rule screenshot]

        This rule blocks all TCP access to the alias "ThisFirewallRules" ports 21,22,23,80,443 because these could be used to interact with the firewall.
        Normally, you should block ports like 123 NTP udp or 53 DNS (tcp and udp).

        After this rule, you place a rule that permits access, for example, to the Internet.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??
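
The rule order described in the answer above, as an added example that is not part of the original posts: a small first-match model for checking which flows from a guest or IoT interface are blocked. The addresses, rule dictionaries and function names are constructed for illustration, and the model assumes the block rule's destination covers every interface address of the firewall.

```python
# Added example: first-match rule evaluation modelled on the rule order in the answer.
# All addresses are constructed sample values, not taken from the thread.
FIREWALL_ADDRS = {"192.168.1.1", "192.168.20.1"}  # assumed: every interface address of the firewall
MGMT_PORTS = {21, 22, 23, 80, 443}                # ports listed in the answer

def rule_matches(rule, flow):
    proto, dst, port = flow
    if rule["proto"] not in ("any", proto):
        return False
    if rule["dst"] == "self":
        if dst not in FIREWALL_ADDRS:
            return False
    elif rule["dst"] != "any" and rule["dst"] != dst:
        return False
    return rule["ports"] is None or port in rule["ports"]

def evaluate(rules, flow):
    """Return the action of the first matching rule; no match means block."""
    for rule in rules:
        if rule_matches(rule, flow):
            return rule["action"]
    return "block"  # hidden default on an interface: block everything

BLOCK_MGMT = {"action": "block", "proto": "tcp", "dst": "self", "ports": MGMT_PORTS}
PASS_ALL = {"action": "pass", "proto": "any", "dst": "any", "ports": None}

NEW_INTERFACE = []                    # freshly assigned interface: no rules yet
IOT_RULES = [BLOCK_MGMT, PASS_ALL]    # block first, then pass, as in the answer
WRONG_ORDER = [PASS_ALL, BLOCK_MGMT]  # pass rule on top shadows the block rule
# Blocking only the IoT-side address leaves the GUI reachable on the LAN-side address.
ONE_ADDR = [dict(BLOCK_MGMT, dst="192.168.20.1"), PASS_ALL]

FLOWS = {
    "GUI via IoT gateway address": ("tcp", "192.168.20.1", 443),
    "GUI via LAN-side address": ("tcp", "192.168.1.1", 443),
    "DNS to firewall": ("udp", "192.168.20.1", 53),
    "HTTPS to Internet": ("tcp", "203.0.113.10", 443),
}

def audit(rules):
    """Map each sample flow to the action the ruleset gives it."""
    return {name: evaluate(rules, flow) for name, flow in FLOWS.items()}

if __name__ == "__main__":
    for label, rules in [("no rules", NEW_INTERFACE), ("answer's order", IOT_RULES),
                         ("wrong order", WRONG_ORDER), ("one address", ONE_ADDR)]:
        print(label, audit(rules))
```
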

          PM_13 @Gertjan

          @gertjan Thanks, this does make sense.

          So essentially the key is to treat WebGUI session like any other regular traffic and configure as needed using firewall rules.
          Thanks for pointing me in the right direction.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.