Prevent external access of webgui

[unixpgmr]

Currently, my webGUI can be accessed by the internet.  I want to prevent this from happening. I have a VPN set up so if I want to access externally, I can. However, by default, it seems that anybody with a browser can get access. I would like to completely cut that off. Is there a way to do this?

Thank you in advance for your time.

[fabian]

If the web interface is available from the internet, you made it available from there. Undo everything you did to allow access from the internet and you are done.

[unixpgmr]

Thanks. I had to add the rule to allow wan access when I installed OPNSense. I just allowed everything to get it running.  I modified this and all works.

Thanks again

[Oxygen61]

Hey unixpgmr,

it's super important that you get your firewall-rules right and documented so that this mistake won't happen again.
Additionally there is one new sexy feature, which got added recently. You can actually configure the listen Interface for the Web-GUI access or SSH, see here:

>>   System: Settings: Administration

Underneath "Web GUI" go to "Listen Interfaces" and select the interfaces, which you want to access the Web-GUI from. As the "information" already tells you "only use with care".
Same for SSH underneath "Secure Shell".

Have fun!
Oxy

[labsy]

I like to keep WAN access to my router opened, but:
- to modified HTTPS public port, for example to 23782
- only from my home and work public IP addresses

[fabian]

You should use OpenVPN for GUI access from WAN. It is more flexible and very likely more secure.