Restrict WEBgui to LAN only

  • new RC4 install.  3 interfaces:  WAN, LAN, OPT1(wireless.)

    I would like to block the ability to log into the WEBgui from the wireless network.

    I've tried blocking port 80 to the pfsense machine's IP, but that stops all web traffic as well.

    Anybody have a better idea?


  • I suspect your rule you created has as destination: *
    You need a rule that has as destination all IP's on which your pfSense is reachable.
    I would create an Alias which contains: "WAN-IP", "LAN-IP", "WLAN-IP" of the pfSense.
    Set the destination of your block rule to this alias.

  • If you want to block certain access to the webGUI then you're thinking about security, right.
    Start with using HTTPS for pfSense administration and use a non standard port like :456.
    Block access to it from W-LAN and it won't affect regular web usage.

Log in to reply