WebGUI via wan
I'm a long time FreeBSD user but am a bit new to actually using a web gui to administer anything but I work with others and want them to be able to continue to point and click to their hearts content if I'm not around. I have an appliance I built that I'd like to use in an apartment complex as the firewall/nat box for a group wanting to share an internet connection into the building. If it works well with pfsense, I want to roll out several more.
My problem so far is that technically I trust the users on the inside of the firewall as much as I trust the Internet side of their device (which we provide) so I'd like to restrict access to the WebGUI to only a specific IP address that is on the WAN side of the device and leave the LAN side unable to reach the webgui. Is this possible within the confines of pfsense? If I may, how?
Yes, this is very easy to do with pfSense. You will want a firewall rule on the WAN interface which allows access to the port you're running your webGUI from the source IP in question. Then you'll want to create a firewall rule on the LAN side (above the default allow rule) which blocks access to that same port from any source IP.