How disable webgui … if possible

LiquiD_85 · Jul 13, 2009, 9:16 AM

Uhmmm … NO :D:D:D i'll reset lan interface thanks :D

LiquiD_85 · Jul 20, 2009, 12:31 PM

I've enabled the "disable webgui anti-lockout rule" and created the follows rule in attachment … but all computer in the lan can access the pfsense's webgui ... it's the LAN -> rule that make it possible for the whole lan or webgui should be disabled anyway?

thanks LQD

jahonix · Jul 20, 2009, 4:23 PM

What's your problem with LAN users being shown the login window? They still need user/password to access it.
But you could create an 'allow' rule for the IP of your admin PC, followed by a modified 'deny' rule in which you set as destination "all BUT gateway-ip". Order of rules is important!

LiquiD_85 · Jul 22, 2009, 7:20 AM

I don't want users are trying hours and hourse to guess user/pass. I want my pfsense don't listen at all other ip!
Why my "disable webgui" don't work now? For 1-2 days i think was working fine!!!

jahonix · Jul 22, 2009, 11:59 AM

@LiquiD_85:

Why my "disable webgui" don't work now? For 1-2 days i think was working fine!!!

Sorry, my magic crystal ball is broken.
Honestly, what kind of help can you expect from "it's broken" without giving any information?

@jahonix:

But you could create an 'allow' rule for the IP of your admin PC, followed by a modified 'deny' rule in which you set as destination "all BUT gateway-ip". Order of rules is important!

LiquiD_85 · Jul 23, 2009, 10:51 AM

@jahonix:

Sorry, my magic crystal ball is broken.
Honestly, what kind of help can you expect from "it's broken" without giving any information?

Hehehe … very witty :D

My LAN rule-set is in attachment some post upper ... when i enable in the advanced menù the "disable webgui anti-lockout rule" nothing change anyone can access webgui!!!
If you need other information ask me!
If possible i want to use this option and don't create other rules!!!

Thnx
LQD!

GruensFroeschli · Jul 23, 2009, 10:59 AM

Umm… Jahonix already posted the solution to why your users still can access the pfSense twice.

But you could create an 'allow' rule for the IP of your admin PC, followed by a modified 'deny' rule in which you set as destination "all BUT gateway-ip". Order of rules is important!

Let me rephrase that:
3 rules:
allow - source: your_admin_PC, destination: pfSense_LAN_interface
deny - source: any , destination: pfSense_LAN_interface
allow - source: any , destination: any

or easier with only 2 rules:
allow - source: your_admin_PC, destination: pfSense_LAN_interface
allow - source: any , destination: **!**pfSense_LAN_interface (NOT the pfSense_LAN_interface)

as written: The order of your rules is important !

dramis · Jul 24, 2009, 2:22 PM

Simply do in a shell:

killall -9 lighttpd

cybrsrfr · Oct 7, 2009, 6:39 AM

@dramis:

Simply do in a shell:

killall -9 lighttpd

Is definitely the easy way. In addition to that you could add a package called shellcmd which runs commands when the system starts. Place the killall -9 lighttpd command there and it will kill the GUI when the system starts.

0tt0 · Oct 7, 2009, 9:06 AM

Or add another NIC to the system and have users coming in on that interface.