Netgate Discussion Forum

    Installed latest snap, now can't login to GUI

    2.0-RC Snapshot Feedback and Problems - RETIRED
      merc

      I wasted a lot of precious time trying to figure out what the hell all of a sudden happened, and why I couldn't access the firewall.  If this is going to be left on by default, then the notice must give the administrator ways to get around it and how to manage it in the future.  I have absolutely no use for this feature at all, as I don't allow remote access to the UI.

        jimp Rebel Alliance Developer Netgate

        It has nothing to do with you enabling remote access - DNS rebinding attacks are a way that someone remotely could get access to your router even when you have explicitly denied it. That's why it's a security risk.

        The error message could probably be clearer, though. But it's still a beta so there's plenty of time to get a simple fix like that in.

          Efonnes

          Would there be anything wrong with having the message suggest to try accessing it by IP address instead and where to go to configure an exception for the host name?

            kpa

            Another way to protect the system from DNS rebinding attacks is to filter out all private address space addresses from the DNS replies that come from upstream forwarders. It's not going to work in every case though because not everyone uses the DNS forwarder that is included in pfSense.

            Edit: 2.0 BETA already seems to do this with dnsmasq --stop-dns-rebind option, the other protection methods seem a bit excessive in that case…

              cmb

              @kpa:

              Edit: 2.0 BETA already seems to do this with dnsmasq --stop-dns-rebind option, the other protection methods seem a bit excessive in that case…

              Yes that's already done, no it's not excessive - that only helps if you're using the DNS forwarder, lots of people don't.

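The resolver-side filter discussed in the thread (dropping private addresses from upstream DNS replies), sketched as an added example that is not part of any post and is not dnsmasq or pfSense code. The exemption list, function names and sample replies are assumptions made for illustration.

```python
import ipaddress

# Assumption: local domains that may legitimately resolve to private
# addresses (constructed value, stands in for a configured exception).
REBIND_OK_DOMAINS = ("lan.example",)


def is_rebind_address(addr: str) -> bool:
    """True if a public name should never resolve to this address."""
    ip = ipaddress.ip_address(addr)
    # Unwrap IPv4-mapped IPv6 (::ffff:10.0.0.1) so it cannot slip past
    # a check that only looks at IPv4 private ranges.
    mapped = getattr(ip, "ipv4_mapped", None)
    if mapped is not None:
        ip = mapped
    return (ip.is_private or ip.is_loopback
            or ip.is_link_local or ip.is_unspecified)


def filter_answers(qname, answers):
    """Split upstream A/AAAA answers for qname into (kept, dropped)."""
    name = qname.rstrip(".").lower()
    exempt = any(name == d or name.endswith("." + d)
                 for d in REBIND_OK_DOMAINS)
    kept, dropped = [], []
    for addr in answers:
        if not exempt and is_rebind_address(addr):
            dropped.append(addr)  # would hand the browser an internal IP
        else:
            kept.append(addr)
    return kept, dropped


# Constructed upstream replies: (queried name, addresses in the reply).
SAMPLE_REPLIES = [
    ("www.example.com", ["8.8.8.8"]),
    ("rebind.untrusted.example", ["192.168.1.1", "8.8.8.8"]),
    ("rebind6.untrusted.example", ["::ffff:10.0.0.1"]),
    ("nas.lan.example", ["192.168.1.20"]),  # exempted local domain
]

if __name__ == "__main__":
    for qname, addrs in SAMPLE_REPLIES:
        kept, dropped = filter_answers(qname, addrs)
        print(f"{qname}: kept={kept} dropped={dropped}")
```

A filter like this only sees replies that pass through the resolver running it, so clients pointed at a different resolver are not covered.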