Why is pfsense directly accessable from the internet?
-
Hi there,
I am using a pfsense in version 2.4.5.p1.Its doing ppoe to the modem to get internet access.
Now I figured out, that when I put my external IP from my ISP into the browser, I can directly access my pfsense login page via port 443. That opens up possibilities to bruteforce into my admin account....
As described in the Netgate Documentation access from WAN is disabled by default to the admin console.
Am I doing something wrong here?
There are no rules for WAN except those blocking bogons and private address ranges. -
Are you testing from "LAN side" ?
-
Yes I did...so I did get it wrong then?
-
Yes, you should test from "WAN side"
Firewall rules control what traffic is allowed to enter an interface on the firewall
https://docs.netgate.com/pfsense/en/latest/firewall/firewall-rule-basics.html
-
thank you anyway for answering to my nooby question.
:-)the matter is solved then.