Restricting access to pfSense
-
Hello,
I want to restrict access to pfSense to a specific IP address. In the Aliases section, I created a rule called Trust.
But I can't see Trust in the menu under Rules:

What is wrong?
Thank you.
-
@hack3rcon you select 'Single host or alias' and can then start typing in the name of the alias in the field to the right of it.
-
Hello @patient0,
Thank you so much for your reply.
Sorry. I don't understand what you mean.
-
@hack3rcon said in Restricting access to pfSense:
Sorry. I don't understand what you mean.
https://docs.netgate.com/pfsense/en/latest/firewall/configure.html#source
As I wrote, you select 'Single host or alias' and then the field to the right of it (in your screenshot it is greyed out, "Source Address") will not be greyed out anymore. There you can enter the name of the alias and pfSense will find it.
-
@patient0, I understand it.
I did:

But I can access the web panel via other clients on my network!!!
-
@hack3rcon said in Restricting access to pfSense:
But I can access the web panel via other clients on my network!!!
On what interface have you created these rules?
'WAN address' (destination) will not match the local network address of pfSense, only on the WAN interface. Instead of 'WAN address' you can select 'This Firewall (self)' or 'LAN address' (or whatever the interface is called that you created the rules on).
And: the second column '0/0 b' shows that none of the rules are ever invoked => they have not yet matched once => are you on the correct interface?
-
@patient0 My VM only has one network card. This VM is connected to a local network and I have forwarded a public IP to it virtually through the firewall. In the Aliases section, do I need to enter the IP address of the client on the network in the IP or FQDN section?
-
My VM only has one network card.
That is not a scenario I have any knowledge of. Someone else has to help here.
-
@hack3rcon said in Restricting access to pfSense:
Problem solved.
Very good, and I didn't see it but you are right.
The rules are 'quick' rules, meaning the first one that matches will be executed and no further rules checked.
In the first screenshot the block rules come first and therefore the 'Trust' rules were never reached.
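-
The first-match ('quick') behaviour described in the last reply, as an added example that is not part of the original thread and is not pfSense code: a small Python model of top-down rule evaluation that shows why a pass rule for the Trust alias placed below a block rule is never reached. The alias contents, addresses and port are constructed sample values.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the thread).
ALIASES = {"Trust": ["192.0.2.10"]}
FIREWALL_ADDR = "192.0.2.1"  # stands in for 'This Firewall (self)'


def _matches(spec, addr):
    """True if addr falls under spec: 'any', an alias name, or an IP/CIDR."""
    if spec == "any":
        return True
    nets = ALIASES.get(spec, [spec])
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(n, strict=False) for n in nets)


def evaluate(rules, src, dst, port):
    """Return (action, rule_index) of the first matching rule (quick semantics).

    If nothing matches, the model falls through to a default deny, index None.
    """
    for i, (action, r_src, r_dst, r_port) in enumerate(rules):
        if _matches(r_src, src) and _matches(r_dst, dst) and r_port in ("any", port):
            return action, i
    return "block", None


# Block rule above the Trust pass rule: the pass rule can never match.
BLOCK_FIRST = [
    ("block", "any", FIREWALL_ADDR, 443),
    ("pass", "Trust", FIREWALL_ADDR, 443),
]
# Corrected order: pass the alias first, then block everyone else.
PASS_FIRST = [BLOCK_FIRST[1], BLOCK_FIRST[0]]

# Constructed probe packets: one from the trusted host, one from another client.
PROBES = [("192.0.2.10", FIREWALL_ADDR, 443), ("192.0.2.55", FIREWALL_ADDR, 443)]


def unreachable(rules, probes):
    """Indexes of rules no probe ever hits (the model's version of a 0/0 counter)."""
    hit = {evaluate(rules, *p)[1] for p in probes}
    return [i for i in range(len(rules)) if i not in hit]


if __name__ == "__main__":
    for name, rules in (("block first", BLOCK_FIRST), ("pass first", PASS_FIRST)):
        actions = [evaluate(rules, *p)[0] for p in PROBES]
        print(name, actions, "unreachable rules:", unreachable(rules, PROBES))
```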
