Disabling OPNsense web GUI and configd daemons

Started by FrenchFries, May 26, 2019, 03:53:44 PM

May 26, 2019, 03:53:44 PM Last Edit: May 26, 2019, 04:00:01 PM by FrenchFries
Hello,

I am currently using OpenBSD as a firewall, as the attack surface is really small. I am considering moving to OPNsense ...

After configuring OPNsense, I would like to disable the web interface and config daemons from the SSH console (preferably using the text prompt). When I need to modify the configuration, I only need to log on to the serial/SSH console and enable the web GUI and configd again. How can I do that?

On modern switches with a UI, you only use the UI during configuration, then you disable it.

Does it sound like a reasonable feature to add on the To-do list?

Kind regards,
French Fries

Quote from: FrenchFries on May 26, 2019, 03:53:44 PM
After configuring OPNsense, I would like to disable the web interface and config daemons from the SSH console (preferably using the text prompt). When I need to modify the configuration, I only need to log on to the serial/SSH console and enable the web GUI and configd again. How can I do that?

You can in theory kill the daemons but you may get a broken system since cron is using configd calls too. The web interface should not be a problem (can be restarted by the console menu if needed but still a bad idea since the HTTP based configuration is the main configuration utility in contrast to the systems with SSH / console as main access module). You can for example disable SSH as an alternative if you want only one open port.

Quote from: FrenchFries on May 26, 2019, 03:53:44 PM
On modern switches with a UI, you only use the UI during configuration, then you disable it.
The UI is still not the main configuration utility of them - that's still RS232 / USB or SSH/Telnet.

Quote from: FrenchFries on May 26, 2019, 03:53:44 PM
Does it sound like a reasonable feature to add on the To-do list?
No

You can bind the web GUI just to LAN or, even better, a dedicated management interface and restrict web access to your IP.
Intel(R) Xeon(R) Silver 4116 CPU @ 2.10GHz (24 cores)
256 GB RAM, 300GB RAID1, 3x4 10G Chelsio T540-CO-SR
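
A way to verify the binding advice in the last reply, as an added example that is not part of the original thread: the script reads `sockstat -4 -6 -l` output and reports any web GUI listener that is not bound to an approved management address. The process name `lighttpd`, the address `192.168.1.1` and the sample output are assumptions constructed for illustration.

```python
"""Audit listening sockets for a web GUI reachable beyond the management address."""
import ipaddress
import sys

# Assumption: the web GUI is served by a process named "lighttpd"; adjust if yours differs.
GUI_PROCESS = "lighttpd"

# Constructed sample in the column layout of FreeBSD `sockstat -4 -6 -l`.
SAMPLE = """\
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     lighttpd   4211  5  tcp4   *:443                 *:*
root     lighttpd   4211  6  tcp6   *:443                 *:*
root     sshd       1022  4  tcp4   192.168.1.1:22        *:*
unbound  unbound    2210  3  udp4   *:53                  *:*
"""


def audit(sockstat_text, allowed_addrs, process=GUI_PROCESS):
    """Return (local_address, reason) for each GUI listener outside allowed_addrs."""
    allowed = {ipaddress.ip_address(a) for a in allowed_addrs}
    findings = []
    for line in sockstat_text.splitlines():
        fields = line.split()
        if len(fields) < 7 or fields[0] == "USER":
            continue  # header or malformed line
        command, proto, local = fields[1], fields[4], fields[5]
        if command != process or not proto.startswith("tcp"):
            continue
        # The port follows the last colon, which also holds for IPv6 literals.
        host = local.rpartition(":")[0]
        if host == "*":
            findings.append((local, "wildcard bind"))
            continue
        try:
            addr = ipaddress.ip_address(host.split("%")[0])  # drop any %scope suffix
        except ValueError:
            findings.append((local, "unparsed address"))
            continue
        if addr not in allowed:
            findings.append((local, "not a management address"))
    return findings


if __name__ == "__main__":
    # Pipe real output in (sockstat -4 -6 -l | python3 audit.py) or run on the sample.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for local, reason in audit(text, ["192.168.1.1"]):
        print(f"{GUI_PROCESS} listening on {local}: {reason}")
```

An empty result means every GUI listener is bound to an approved address; the source-IP restriction from the reply is a firewall rule and is not checked here.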