Hello,
I am currently using OpenBSD as a firewall, as the attack surface is really small. I am considering moving to OPNsense ...
After configuring OPNsense, I would like to disable the web interface and config daemons from SSH console (preferably using the text prompt). When I need to modify the configuration, I only need to logon the serial/ssh console and enable web GUI and configd again. How can I do that ?
On modern switches with a UI, you only use the UI during configuration, then you disable it.
Does it sound like a reasonable feature to add on the To-do list?
Kind regards,
French Fries
Quote from: FrenchFries on May 26, 2019, 03:53:44 PM
After configuring OPNsense, I would like to disable the web interface and config daemons from SSH console (preferably using the text prompt). When I need to modify the configuration, I only need to logon the serial/ssh console and enable web GUI and configd again. How can I do that ?
You can in theory kill the daemons but you may get a broken system since cron is using configd calls too. The web interface should not be a problem (can be restarted by the console menu if needed but still a bad idea since the HTTP based configuration is the main configuration utility in contrast to the systems with SSH / console as main access module). You can for example disable SSH as an alternative if you want only one open port.
Quote from: FrenchFries on May 26, 2019, 03:53:44 PM
On modern switches with a UI, you only use the UI during configuration, then you disable it.
The UI is still not the main configuration utility of them - that's still RS232 / USB or SSH/Telnet
Quote from: FrenchFries on May 26, 2019, 03:53:44 PM
Does it sound like a reasonable feature to add on the To-do list?
No
You can bind web gui just to lan or even better - dedicated management interface and restrict web access to your ip.