OPNsense Forum
Archive => 18.1 Legacy Series => Topic started by: unixpgmr on April 01, 2018, 06:48:22 pm
-
Currently, my webGUI can be accessed by the internet. I want to prevent this from happening. I have a VPN set up so if I want to access externally, I can. However, by default, it seems that anybody with a browser can get access. I would like to completely cut that off. Is there a way to do this?
Thank you in advance for your time.
-
If the web interface is available from the internet, you made it available from there. Undo everything you did to allow access from the internet and you are done.
-
Thanks. I had to add the rule to allow wan access when I installed OPNSense. I just allowed everything to get it running. I modified this and all works.
Thanks again
-
Hey unixpgmr,
it's super important that you get your firewall-rules right and documented so that this mistake won't happen again. :)
Additionally there is one new sexy feature, which got added recently. You can actually configure the listen Interface for the Web-GUI access or SSH, see here:
>> System: Settings: Administration
Underneath "Web GUI" go to "Listen Interfaces" and select the interfaces, which you want to access the Web-GUI from. As the "information" already tells you "only use with care".
Same for SSH underneath "Secure Shell".
Have fun! :)
Oxy
-
I like to keep WAN access to my router opened, but:
- to modified HTTPS public port, for example to 23782
- only from my home and work public IP addresses
-
You should use OpenVPN for GUI access from WAN. It is more flexible and very likely more secure.