Why is my pfSense firewall SSHD and Web GUI accessible from the public IP?



  • Good morning pfSense firewall appliance users,

    I have just installed pfSense firewall on my old (Intel Pentium Dual Core E6300 2.8 GHz + Intel Desktop Board DQ45CB motherboard + 6 GB DDR2-800 memory machine) in the early afternoon of 13th January 2018 Saturday. Straight after installing pfSense firewall, I proceeded to run the Setup Wizard and install Snort Intrusion Detection and Prevention System. Then I went out of my house for many hours. When I came back home after midnight on 14 January 2018 Sunday, I carried out some rudimentary research on pfSense firewall's ability to mitigate ransomware.

    I came across a pfsense forum topic entitled "Ransomware infected pfSense". Johnpoz suggested that ssh and web gui might be open to the public in that thread. So I went to check my pfsense firewall sshd and web gui. I was shocked and surprised to find that I could access the pfSense firewall sshd and web gui from my public IP.

    I thought pfSense firewall is supposed to block all incoming connections by default from the WAN side?

    Please advise.

    Thank you.

    Mr. Turritopsis Dohrnii Teo En Ming
    Singapore


  • Rebel Alliance

    https://forum.pfsense.org/index.php?action=post;quote=776593;topic=142387.0;last_msg=777760

    https://forum.pfsense.org/index.php?action=post;quote=772384;topic=141500.0;last_msg=772384

    See it all the time - pretty much every single thread that says pfsense is open from the wan to the gui is them hitting it from the lan side ;)

    Out of the box there are no rules on the wan - all unsolicited traffic to your wan IP from the wan side (internet) would be dropped. So you hitting your web gui from the internet is you either opened up the firewall, or are hitting it from inside. Or you turned off the firewall completely, etc.



  • @ptt:

    https://forum.pfsense.org/index.php?action=post;quote=776593;topic=142387.0;last_msg=777760

    https://forum.pfsense.org/index.php?action=post;quote=772384;topic=141500.0;last_msg=772384

    See it all the time - pretty much every single thread that says pfsense is open from the wan to the gui is them hitting it from the lan side ;)

    Out of the box there are no rules on the wan - all unsolicited traffic to your wan IP from the wan side (internet) would be dropped. So you hitting your web gui from the internet is you either opened up the firewall, or are hitting it from inside. Or you turned off the firewall completely, etc.

    Sorry for the late reply. I was very busy the last few days.

    Yes, I am accessing pfSense firewall sshd and web gui public IP from the LAN side.

    I don't have time to read the above links yet.

    Thank you.



  • @Teo:

    Yes, I am accessing pfSense firewall sshd and web gui public IP from the LAN side.

    And you have answered your own question.