I know it can be done from listening interfaces. Has anyone come up with a creative way to block access to the router login page?
Everything I've tried from YouTube either isn't working or isn't exactly what I am trying to do.
You most likely have a rule in your IoT zone or Floating that accidentally allows access to the webgui.
Most likely a "Destination Any" rule.
Agreed, you're probably allowing it somewhere.
I have a floating rule (all interfaces) that blocks access to ports 22 & 443 on "This Firewall" and when I try to point a mobile phone to the OPNsense GUI I'm told to go pound sand:
[Image: mobile-to-firewall.png]
While you can't block traffic between clients on the same subnet, you can still block when the firewall is the destination because by definition those packets have to go to the firewall interface.
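An added example, not written by any poster in this thread and not OPNsense code: a simplified first-match model that audits a rule list for the two cases discussed above, a "Destination Any" pass rule that exposes the GUI and a floating block on "This Firewall" that closes it. The `Rule` class, function names and rule data are constructed, and the model assumes every rule is quick and that floating rules are evaluated before interface rules.

```python
# Simplified model (an assumption, not OPNsense code): every rule is "quick",
# so the first matching rule decides, and floating rules are evaluated before
# per-interface rules. All rule data below is constructed for illustration.
from dataclasses import dataclass

FIREWALL = "This Firewall"   # destination alias named in the thread
MGMT_PORTS = (22, 443)       # SSH and web GUI ports named in the thread


@dataclass
class Rule:
    action: str        # "pass" or "block"
    interface: str     # interface name, or "floating" for all interfaces
    dest: str          # "any" or "This Firewall" in this model
    ports: tuple = ()  # empty tuple means any port
    descr: str = ""


def decide(rules, interface, port):
    """Return the rule deciding a packet from `interface` to the firewall itself."""
    ordered = [r for r in rules if r.interface == "floating"]
    ordered += [r for r in rules if r.interface == interface]
    for rule in ordered:
        # A packet addressed to the firewall matches both "any" and the alias.
        if rule.dest in ("any", FIREWALL) and (not rule.ports or port in rule.ports):
            return rule
    return None  # nothing matched: treated as default deny


def exposed_ports(rules, interface):
    """Map each reachable management port to the pass rule that allows it."""
    found = {}
    for port in MGMT_PORTS:
        rule = decide(rules, interface, port)
        if rule is not None and rule.action == "pass":
            found[port] = rule.descr
    return found


# Constructed rule sets: a typical "let IoT reach the internet" rule, then the
# floating block described in the thread.
IOT_RULES = [Rule("pass", "IoT", "any", (), "IoT to internet")]
FLOATING_BLOCK = Rule("block", "floating", FIREWALL, MGMT_PORTS, "block GUI/SSH")

if __name__ == "__main__":
    print("without block:", exposed_ports(IOT_RULES, "IoT"))
    print("with block:   ", exposed_ports(IOT_RULES + [FLOATING_BLOCK], "IoT"))
```
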