pfSense allow web interface access on WAN from specific IP

31-12-2014 | Remy van Elst


Table of Contents


pfSense is a fast and simple FreeBSD based firewall appliance with a nice web managent interface and the power of the pf firewall underneath. Normally the web interface is only accessible from the management LAN (or LAN by default) interface. If you for whatever reason locked yourself out or need access from a different IP via the WAN interface you can use the easyrule command line to temporarly add a rule that allows your remote IP in. This simple snippet shows you how.

The following command adds a firewall rule, allowing tcp traffic in on port 443 from remote IP XX.XX.XX.XX: to the WAN IP on YY.YY.YY.YY:

easyrule pass wan tcp XX.XX.XX.XX YY.YY.YY.YY 443

You can also allow SSH access and set up a remote port forward (ssh -L localport:remoteip:remoteport remoteip):

easyrule pass wan tcp XX.XX.XX.XX YY.YY.YY.YY 22

Remember to remove the rule when you've restored access to the web interface via your regular way.

See other methods to get back in the webinterface on the pfSense Wiki.


Tags: bsd  firewall  freebsd  iptables  pf  pfsense  security  snippets