Netgate Discussion Forum

    Restricting Access to the webGUI does not work for my networks.

    • ?
      A Former User
      last edited by A Former User

      Good afternoon everyone,

      I'm new to pfSense and got most things working on my network (things like Snort, PFBlocker, OpenVPN and Avahi).
      I run multiple VLANs with some rules to accept traffic between those VLANs.
      The only thing I cannot get to work is the Restricting Access to the webGUI.
      I've followed the below link from Netgate but I think I'm missing something?
      For example, I'll show my IoT VLAN; maybe you guys see something that is blocking the Reject rule on my LAN?
      I would like to hear any improvements I can make, since I like to learn. :)
      What I want to achieve is to only access the web GUI via the LAN (maintenance network) and my server on the SERVER VLAN.
      I've added both to the ManagementAccess Source at the top rule.

      Things I've tried are: Reset States and disable the Allow Access to Gateway, but no difference.

      Greetings,

      ThaPlexor

      Link used
      https://docs.netgate.com/pfsense/en/latest/firewall/restrict-access-to-management-interface.html

      Pfsense-Gui.PNG

      Pfsense-IoT.PNG

      • emammadovE
        emammadov
        last edited by emammadov

        Hi. You can create an alias of "pfsense ports" (such as the webGUI port, SSH, etc.) and an alias of the IP addresses of the admins, then create a floating rule and select the interfaces that you want to allow or disallow.

        Port Alias
        pfsense_ports.JPG

        Floating rule
        floatng_webgui.JPG

        floatng_webgui2.JPG

        Elvin

        • S
          SteveITS Galactic Empire
          last edited by

          The 0 states/0 bytes for the allow rule implies no traffic is matching it. I would turn on the option for logging packets blocked by the default block rule in the log settings temporarily, and see if the firewall logs then show the packets being blocked.

          Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
          When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
          Upvote 👍 helpful posts!

          • ?
            A Former User @emammadov
            last edited by

            @emammadov Hi, thanks for your screenshots. Could you explain the Invert match at the Source to me?
            Does this mean everything except the pfsense_admins?

            Greetings,

            ThaPlexor

            • ?
              A Former User @SteveITS
              last edited by

              @teamits I will give it a go and check if any packets are dropped.

              • ?
                A Former User @emammadov
                last edited by

                Well this did the trick :) the GUI now only works on my LAN and SERVER network. Thanks both for your time :)

                Greetings,

                ThaPlexor

                • emammadovE
                  emammadov @A Former User
                  last edited by

                  @ThaPlexor It means any IP address except pfsense_admins will be blocked.

                  Elvin
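
The inverted-source block rule discussed in this thread, modelled in Python as an added example (not code from any poster and not pfSense's own rule engine), to show which packets the rule matches and which fall through to later rules. The alias contents, addresses and interface names are constructed, and the model assumes the rule's destination is the firewall's own addresses and that Quick is enabled, since the screenshots are not reproduced here.

```python
import ipaddress

# Constructed sample values (not from the thread).
PFSENSE_ADMINS = ["192.168.1.0/24", "192.168.20.10/32"]  # LAN subnet + one server
PFSENSE_PORTS = {443, 22}                                 # webGUI and SSH
FIREWALL_IPS = {"192.168.1.1", "192.168.20.1", "192.168.30.1"}  # one per VLAN
RULE_INTERFACES = {"LAN", "SERVER", "IOT"}                # interfaces ticked on the rule


def in_alias(addr, alias):
    """True if addr falls inside any network listed in the alias."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(net) for net in alias)


def floating_block_matches(iface, src, dst, dport, invert_source=True):
    """Model of one block rule: source = pfsense_admins (optionally inverted),
    destination = any firewall address (assumed), port = pfsense_ports."""
    if iface not in RULE_INTERFACES:
        return False
    if dst not in FIREWALL_IPS or dport not in PFSENSE_PORTS:
        return False
    src_hit = in_alias(src, PFSENSE_ADMINS)
    # Invert match flips the source test: the rule then applies to
    # every source that is NOT in the alias.
    return (not src_hit) if invert_source else src_hit


def verdict(iface, src, dst, dport, invert_source=True):
    """'block' if the rule matches; otherwise the packet is left to the
    rules that follow (other floating rules, then the interface tab)."""
    if floating_block_matches(iface, src, dst, dport, invert_source):
        return "block"
    return "next rules"


if __name__ == "__main__":
    cases = [
        ("IOT", "192.168.30.50", "192.168.30.1", 443),   # IoT client, own gateway
        ("IOT", "192.168.30.50", "192.168.1.1", 443),    # IoT client, LAN address of firewall
        ("LAN", "192.168.1.25", "192.168.1.1", 443),     # admin on LAN
        ("SERVER", "192.168.20.11", "192.168.20.1", 22), # other host on SERVER VLAN
        ("IOT", "192.168.30.50", "192.168.30.1", 53),    # DNS, not a management port
    ]
    for case in cases:
        print(case, "->", verdict(*case))
```

A "next rules" result is not a pass: the admin sources still need an allow rule further down, which is where the 0 states/0 bytes counter mentioned earlier in the thread helps confirm whether traffic reaches it.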

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.