pfsense http/https management interface
-
Is there a way to make it bind to a single interface rather than bind to all? To be honest, security-wise this is not a good way to do things. From a security perspective it would be a lot better to isolate the management interface to a single management network.
Not sure if this is at all possible in pfsense.
6 firewalls connected through ipsec, .. pfsense, each has about 12 interfaces, just on a single interface this would require 12 rules just to filter the management interface for something which can just as easily be done by binding to a single interface.
-
No, it always listens on all available interfaces. Of course the code is there so you can do what you want.
You can use an interface group or a floating rule to apply a single rule to multiple interfaces.
And all traffic is blocked by default so simply not allowing it would also block access.
Steve
-
Read http://nginx.org/en/docs/http/configuring_https_servers.html
Go here :
and
and make the listen (and IPv6 listen) more restrictive.
Be careful : there is no such thing as a default LAN interface.
You could hard code the IP of the interface to listen to.
Or extract it from $g['interfaces']['lan']['ipaddr']
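
Added example, not part of the original thread: a small Python audit that reads nginx configuration text and reports which `listen` directives bind to every address, the condition the replies above discuss. The sample configuration, its addresses and the function names are constructed for illustration and are not pfSense's generated file.

```python
import re

# Constructed sample config; addresses are documentation placeholders (assumption).
SAMPLE_CONF = """
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    # listen 8443 ssl;  (commented out, must be ignored)
}
server {
    listen 192.0.2.1:443 ssl;
    listen [2001:db8::1]:443 ssl;
    listen *:80;
}
"""
LISTEN_RE = re.compile(r"^\s*listen\s+([^\s;]+)[^;]*;")
WILDCARD_HOSTS = {"*", "0.0.0.0", "[::]"}

def split_listen(target):
    """Split an nginx listen target into (host, port); host is None for a bare port."""
    if target.startswith("unix:"):             # UNIX socket, not a network bind
        return target, None
    if target.startswith("["):                 # IPv6 literal: [addr] or [addr]:port
        host, _, rest = target.partition("]")
        return host + "]", rest.lstrip(":") or "80"
    if target.isdigit():                       # bare port: every IPv4 address
        return None, target
    host, sep, port = target.partition(":")
    return host, port if sep else "80"

def audit_listen(conf_text):
    """Return [(line_no, target, is_wildcard)] for each active listen directive."""
    findings = []
    for no, line in enumerate(conf_text.splitlines(), 1):
        m = LISTEN_RE.match(line.split("#", 1)[0])   # strip comments first
        if not m:
            continue
        host, _port = split_listen(m.group(1))
        findings.append((no, m.group(1), host is None or host in WILDCARD_HOSTS))
    return findings

def wildcard_targets(conf_text):
    """Listen targets that accept connections on all addresses."""
    return [t for _, t, wild in audit_listen(conf_text) if wild]

if __name__ == "__main__":
    for no, target, wild in audit_listen(SAMPLE_CONF):
        print(f"line {no}: listen {target:<22} {'ALL ADDRESSES' if wild else 'bound'}")
```

A config edited by hand can be overwritten when the firewall regenerates it, so a check like this is useful to re-run after upgrades or configuration changes.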