Unable to restrict management ports

  • Hi guys, I'm attempting to restrict access  to the pfSense web GUI by denying access on ports 443 and 22. Now since I have multiple VLANs I would like to do this to all but one of my VLANs.

    As such I created a floating rule which rejects both ports to the firewall if the source is anything but the Admin VLAN and assigned it to each VLAN interface. The issue is nothing is taking effect. If I apply the rule directly under the VLAN everything works perfectly. Attached is a copy of that rule, any advice on how I can easily encompass everything under one rule would be greatly appreciated. Thanks!
    ![Floating Rule.png](/public/imported_attachments/1/Floating Rule.png)
    ![Floating Rule.png_thumb](/public/imported_attachments/1/Floating Rule.png_thumb)

  • LAYER 8 Global Moderator

    what are the details of this floating rule?  Do you have it set for quick?  What interfaces are selected, what is your direction in or out, any?

    From your icons you don't seem to have quick enabled.  So your other rules would be evaluated..

    Floating rules are not for the new user to pfsense.  They are also easy to forget about when working on a specific ruleset for a specific vlan, etc.  How many vlans do you have?  Unless your talking a whole hell of a lot its normally just better to put the rules on your specific interfaces.  I have multiple vlans that I block access to pfsense on with the this firewall rule - I just put them on each vlan.  KISS is your friend!!

    But if your wanting to do it floating I would select all your vlan interfaces and then set the rule as quick with a direction of in.

  • That's exactly what I forgot to do (quick); everything is working great now. Thanks!

Log in to reply