How can i prevent some user in accessing my pfsesne GUI using the gateway
i just want to allow only one computer that can access my pfsesne using the IP
On networks that you do not want access to the pfsense gui. create this rule
Adjust the source to your network. PFSenseManagementPorts is the management ports i.e. 80 , 443, 22 (adjust to suit your requirements)
On the firewall rule, you want to manage the pfsense you should have ‘Anti-lockout rule’ under source add your required IP
I would not do this, as you may lock yourself out - just have a long / complicated password
The best way in my opinion would be to use a dedicated management network. IP addresses are easily spoofable, so filtering based on source IP is not secure.
Thank you i want to do this because some of my colleagues are techies i just want to block them from accessing the GUI pfsense and only my device is allowed to access that
pfsense has a login/pw …
even if the ip is 192.168.5.1, your colleague techies cannot do much.
Logout from pfsense (System > Logout) every time you’re done.
Even if you did accomplish this it would be a bad idea. If your PC died, how would you access your firewall?
This is an interesting high-level topic. Running a web based GUI as root is dangerous and needs to hidden. How well hidden is a subjective call. Layer 4 and below tricks are neat and largely effective, but can be circumvented.
If I had a hostile network (such as a school with smart kids who have lots of idle time) where I could not reliably guarantee somebody can’t plug into my management VLAN, then I would hide the GUI behind SSH.
Basically create a jump box that requires an SSH key and password. That would allow me to keep the login accessible to me beyond a fixed IP or vlan. Flexibility and security.