Messages

Excellent!  Both of you appear to be correct, and thanks for the website links, Zeitkind! (Very useful tools, thanks!)

So yes, when I did the pentest, my server came back with next to nothing which is exactly what I wanted.

Just to be safe I VPNd to a remote server in a different country and looked back in and nothing was replying from my external IP.

Problems solved!  =)

I searched for a bit looking for an answer on this and couldn't find one easily, so here's my question:

Right now, everything is working perfectly!  My opnsense machine is acting as a router/firewall and I have the WAN set to DHCP for it's addressing, and the LAN set to a static IP running DHCP and forwarding DNS.

But there is a problem:

If I go to my WAN IP in a web browser, it comes up with my admin page!  I absolutely DO NOT want to have a web logon available for hackers on the WAN interface and would like to disable the web logon, or ANY logon from the WAN interface.  I would like the external WAN interface to be locked down as much as humanly possible.  I don't need login access on the WAN interface, ever.

But I would like to retain web access on the LAN interface for administrative purposes, of course!

Is there an easy way to (properly) shut down logon and/or web access on the WAN interface?

Thanks!