Limiting IPs that can login to web interface



  • Hi all,

    I have a PFSense box setup with 3 NICs:

    • NIC1 > WAN
    • NIC2 > Internal LAN
    • NIC3 > Public LAN

    Basically, i want to limit those that can try to login to the PFSense web admin to NIC2 (Internal LAN) - or even by just an IP if i have no other option… but i'd prefer to the NIC2 subnet.
    Is this possible?

    Many thanks for your help.  Much appreciated.

    Frank



  • Yes this is possible.
    1: Disable under advanced the antilockout rule.
    2: Make sure you have on NIC2 subnet a firewall rule allowing access to the pfSense webinterface.
    3: Create on the LAN interface at the very top a firewall rule denying access to the IP(s) of the pfSense.



  • I'm assuming I should just be blocking HTTP access to the IP of the pfSense box?

    Also, given that the IP of the pfSense box is also the gateway for the subnet, would blocking access to it adversly affect general web browsing etc?

    Many thanks for your advice!  :)



  • Yes i meant block http(s) traffic.
    Under normal circumstances a user should notice nothing at all.
    If you run the pfSense as DNSforwarder make sure that you allow this.



  • Thanks GruensFroeschli! I appreciate your help  :)


Log in to reply