Changed both SSH and HTTP ports (and forgot to adjust my rules)...

furom

Hi,
subject says it all more or less.. I'm locked out - but do have a fresh backup thankfully.

So question is what are my options? Do I need to flash an image through console or is there a better way?

Thanks

johnpoz

@furom Had you turned off the antilock out rule? Can you not connect via the lan network, this is the network that has the antilock out rule and this rule would be updated when you changed your ports.

If you have console access you should be able to just roll back your config, or worse case scenario just turn off all firewall rules to allow you access temp to change the rules to allow your access, etc.

furom

@johnpoz said in Changed both SSH and HTTP ports (and forgot to adjust my rules)...:

@furom Had you turned off the antilock out rule? Can you not connect via the lan network, this is the network that has the antilock out rule and this rule would be updated when you changed your ports.

If you have console access you should be able to just roll back your config, or worse case scenario just turn off all firewall rules to allow you access temp to change the rules to allow your access, etc.

Hi,
No, the anti-lockout rule should be intact, in fact, I was relying on that catching my stupidity if I messed this up, but I could not connect still. I need to check that when back in... I can get console access though, just have to read up on how to connect - I have done it once... :) Thanks for the tip and pics!

johnpoz

@furom this could be handy as well

https://docs.netgate.com/pfsense/en/latest/troubleshooting/locked-out.html#troubleshooting-access-when-locked-out-of-the-firewall

furom

@johnpoz said in Changed both SSH and HTTP ports (and forgot to adjust my rules)...:

@furom this could be handy as well

https://docs.netgate.com/pfsense/en/latest/troubleshooting/locked-out.html#troubleshooting-access-when-locked-out-of-the-firewall

That was really nice of you, spot on! Thank you!!

johnpoz

@furom no problem - also don't forget, try your old ports - maybe your port changes didn't actually apply like you thought they did ;)

furom

@johnpoz Probably a silly thing, but when connecting I get nothing, but am connecting @115200/8/N/1... Do I need to restart the Netgate?

Edit: Changed console util and got in... :)

furom

@johnpoz said in Changed both SSH and HTTP ports (and forgot to adjust my rules)...:

@furom no problem - also don't forget, try your old ports - maybe your port changes didn't actually apply like you thought they did ;)

Great advice, but unfortunately they did... :)

johnpoz

@furom so was the antilockout disabled? Were you coming in on a different interface then where the antilock is? When you changed the port this should of changed for sure...

Example.. See my previous post, I just changed my ssh port and there you go it changed..

And can connect on that port.

furom

@johnpoz said in Changed both SSH and HTTP ports (and forgot to adjust my rules)...:

@furom so was the antilockout disabled? Were you coming in on a different interface then where the antilock is?

Exactly it. I was connecting through another interface. I wish I had remembered that, but thankfully not that often I need it... :)