Do you log into your router via an alternate method to HTTPS?
Is there any config necessary to remove remote access to the GUI or are there rules for that by default?
If you’re using pfSense, everything is blocked by default, including accessing the web configurator from any network - except for the default LAN. There is a so-called Anti Lockout Rule that, as long as it’s enabled, will always allow access to the configurator from the default LAN even if your firewall rules deny it.
As for consumer routers, I’ve never seen one that allows configuration from the WAN side by default. If you come across one, I’d suggest burning it to the ground.
I thought you could get to the pfsense GUI from any network ? Regardless, I use a rule with “!This Firewall” as the destination which prevents, say my Guest vlan accessing pfsense.
1 Like