Netgate Discussion Forum

    Unable to restrict management ports

      Elegant

      Hi guys, I'm attempting to restrict access to the pfSense web GUI by denying access on ports 443 and 22. Now since I have multiple VLANs I would like to do this to all but one of my VLANs.

      As such I created a floating rule which rejects both ports to the firewall if the source is anything but the Admin VLAN and assigned it to each VLAN interface. The issue is nothing is taking effect. If I apply the rule directly under the VLAN everything works perfectly. Attached is a copy of that rule, any advice on how I can easily encompass everything under one rule would be greatly appreciated. Thanks!
      ![Floating Rule.png](/public/imported_attachments/1/Floating Rule.png)

        johnpoz LAYER 8 Global Moderator

        What are the details of this floating rule? Do you have it set for quick? What interfaces are selected, what is your direction in or out, any?

        From your icons you don't seem to have quick enabled. So your other rules would be evaluated.

        Floating rules are not for the new user to pfSense. They are also easy to forget about when working on a specific ruleset for a specific VLAN, etc. How many VLANs do you have? Unless you're talking a whole hell of a lot it's normally just better to put the rules on your specific interfaces. I have multiple VLANs that I block access to pfSense on with this firewall rule - I just put them on each VLAN. KISS is your friend!!

        But if you're wanting to do it floating I would select all your VLAN interfaces and then set the rule as quick with a direction of in.

        floating.png

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 25.11 | Lab VMs 2.8.1, 25.11

          Elegant

          That's exactly what I forgot to do (quick); everything is working great now. Thanks!

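The behaviour discussed in this thread, as an added example that is not part of the original posts: a small Python model of pf-style evaluation, where floating rules are checked before interface-tab rules and the last matching rule wins unless a matching rule is marked quick. The interface names, addresses and rule set are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Rule:
    action: str          # "pass" or "reject"
    ifaces: tuple        # interfaces the rule is assigned to
    src: str             # source network; a leading "!" inverts the match
    dst: tuple = ()      # destination addresses; empty = any
    ports: tuple = ()    # destination TCP ports; empty = any
    quick: bool = False  # stop evaluating once this rule matches

    def matches(self, iface, src, dst, port):
        negate, net = self.src.startswith("!"), self.src.lstrip("!")
        src_ok = (ip_address(src) in ip_network(net)) != negate
        return (iface in self.ifaces and src_ok
                and (not self.dst or dst in self.dst)
                and (not self.ports or port in self.ports))

def evaluate(floating, tab_rules, iface, src, dst, port):
    """Last matching rule wins; a matching quick rule ends evaluation."""
    verdict = "block"  # default deny when nothing matches
    for rule in floating + tab_rules:  # floating rules are checked first
        if rule.matches(iface, src, dst, port):
            verdict = rule.action
            if rule.quick:
                break
    return verdict

# Constructed lab values (not from the thread).
VLANS = ("ADMIN", "USERS", "IOT")
FIREWALL = ("10.0.10.1", "10.0.20.1", "10.0.30.1")  # stands in for "This Firewall"
TAB_RULES = [  # interface-tab rules always behave as quick in pfSense
    Rule("pass", ("ADMIN",), "10.0.10.0/24", quick=True),
    Rule("pass", ("USERS",), "10.0.20.0/24", quick=True),
]

def mgmt_verdict(quick, iface, src, dst, port):
    # The floating rule from the thread: reject 22/443 to the firewall from non-admin sources.
    floating = [Rule("reject", VLANS, "!10.0.10.0/24", FIREWALL, (22, 443), quick)]
    return evaluate(floating, TAB_RULES, iface, src, dst, port)

if __name__ == "__main__":
    for quick in (False, True):
        print("quick =", quick)
        print("  USERS -> GUI :", mgmt_verdict(quick, "USERS", "10.0.20.50", "10.0.20.1", 443))
        print("  ADMIN -> SSH :", mgmt_verdict(quick, "ADMIN", "10.0.10.5", "10.0.10.1", 22))
```

Without quick, the reject only survives on an interface that has no later matching pass rule, which is why the same rule placed on the VLAN tab worked while the floating copy appeared to do nothing.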