Disable WAN interface Web UI

praveen02 · Oct 13, 2021, 5:22 PM

The Pfsense WAN interface is accessible over 443. How Can we disable this access to Web UI of the pfsense from WAN public IP

viragomann · Oct 13, 2021, 5:33 PM

@praveen02
pfSense does not allow access on WAN as long as you do not add a firewall rule manually allowing it.

johnpoz · Oct 13, 2021, 7:05 PM

@viragomann my guess is he is accessing via the lan side..

Which yeah with the any any rule on lan this would be accessible.

If you do not want the gui to be accessible via a lan side network, you would need to block it specifically. Pointless on the lan if the anti lock out rule is in place. But on other interfaces. A good alias to use is the built in "this firewall" this can be used to block access to any IP of pfsense, even if they change - like say a wan IP..

viragomann · Oct 13, 2021, 7:42 PM

@johnpoz
Yeah, that's an option of course. I was thinking of this and reread the part "from WAN public IP" twice and toke it as "from WAN interface".

Also not sure if he added a rule for allowing TCP 443 to WAN to forward it to a server behind. In this case it would be a good advice to change the web configurators port to any other.