Blocking access to ntop

Boguslaw · Nov 13, 2006, 8:53 PM

How to block access to LAN users 192.168.1.0 (except 192.168.1.11) to ntop 192.168.1.1:3000. For example: I can use ntop but other users can't. How to do it?

hoba · Nov 13, 2006, 2:50 PM

block, tcp, source NOT <allowed client's="" ip="">, destination <lan ip="" of="" pfsense="">, port <ntop port="">, gateway default</ntop></lan></allowed>

Boguslaw · Nov 14, 2006, 8:37 PM

My settings:
But it doesnt work. Everybody has access to ntop

sullrich · Nov 14, 2006, 8:48 PM

@Boguslaw:

My settings:
But it doesnt work. Everybody has access to ntop

From a shell issue this command:

cat /tmp/rules.debug |grep 3000

And post the results. Thanks!

hoba · Nov 14, 2006, 11:27 PM

You have to disable the antilogout rule at lan (system>advanced) which grants access to the lan IP of the pfsense. This rule is in place to make sure you don't log yourself out from the administration. Beware that disabling that rule might log you out if you have incorrect rules at LAN, so verify your settings before applying a new ruleset.