Blocking access to router gui from IOT vlans

Started by DEC740airp414user, March 08, 2026, 07:43:25 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
March 08, 2026, 07:43:25 PM
I know it can be done from listening interfaces.   Has anyone come up with a creative way to block access to the router login page?

Everything I've tried from YouTube isn't working or exactly what I am trying to do
DEC740 > USW-Pro-8-PoE> U6-Enterprise
Dec670. Retired / backup device
March 08, 2026, 08:57:20 PM #1
You most likely have a rule in your IoT zone or Floating that accidentally allows access to the webgui.

Most likely a "Destination Any" rule.
Hardware:
DEC740
March 09, 2026, 08:58:41 AM #2
Agreed, you're probably allowing it somewhere.

I have a floating rule (all interfaces) that blocks access to ports 22 & 443 on "This Firewall" and when I try to point a mobile phone to the OPNsense GUI I'm told to go pound sand:

You cannot view this attachment.

While you can't block traffic between clients on the same subnet, you can still block when the firewall is the destination because by definition those packets have to go to the firewall interface.
N5105 | 8/250GB | 4xi226-V | Community

https://www.youtube.com/watch?v=XI9NG068TwI
Print
Go Up Pages1
User actions