Restricting Access to the webGUI does not work for my networks.
-
Good afternoon everyone,
I'm new to pfSense and got most things working on my network (things like Snort, PFBlocker, OpenVPN and Avahi).
I run multiple VLANs with some rules to accept traffic between those VLANs.
The only thing I cannot get to work is Restricting Access to the webGUI.
I've followed the below link from Netgate but I think I'm missing something?
For example, I'll show my IoT VLAN; maybe you guys see something that is blocking the Reject rule on my LAN?
Would like to hear any improvements on what I can do better, since I like to learn. :)
What I want to achieve is to only access the web GUI via the LAN (maintenance network) and my server on the SERVER VLAN.
I've added both to the ManagementAccess Source at the top rule. Things I've tried are: Reset States and disabling the Allow Access to Gateway, but no difference.
Greetings,
ThaPlexor
Link used
https://docs.netgate.com/pfsense/en/latest/firewall/restrict-access-to-management-interface.html
-
The 0 states/0 bytes for the allow rule implies no traffic is matching it. I would turn on the option for logging packets blocked by the default block rule in the log settings temporarily, and see if the firewall logs then show the packets being blocked.
-
@emammadov Hi, thanks for your screenshots. Could you explain the Invert match at the Source to me?
Does this mean everything except the pfsense_admins?
Greetings,
ThaPlexor
-
@teamits I will give it a go and check if any packets are dropped.
-
Well, this did the trick :) The GUI now only works on my LAN and SERVER network. Thanks both for your time :)
Greetings,
ThaPlexor
-
@ThaPlexor It means any IP address except pfsense_admins will be blocked.