Skip to main content

Raymii.org Logo (IEC resistor symbol) logo

Quis custodiet ipsos custodes?
Home | About | All pages | RSS Feed | Gopher

pfSense allow web interface access on WAN from specific IP

Published: 31-12-2014 | Author: Remy van Elst | Text only version of this article


Table of Contents


pfSense is a fast and simple FreeBSD based firewall appliance with a nice web managent interface and the power of the pf firewall underneath. Normally the web interface is only accessible from the management LAN (or LAN by default) interface. If you for whatever reason locked yourself out or need access from a different IP via the WAN interface you can use the easyrule command line to temporarly add a rule that allows your remote IP in. This simple snippet shows you how.

If you like this article, consider sponsoring me by trying out a Digital Ocean VPS. With this link you'll get $100 credit for 60 days). (referral link)

The following command adds a firewall rule, allowing tcp traffic in on port 443 from remote IP XX.XX.XX.XX: to the WAN IP on YY.YY.YY.YY:

easyrule pass wan tcp XX.XX.XX.XX YY.YY.YY.YY 443

You can also allow SSH access and set up a remote port forward (ssh -L localport:remoteip:remoteport remoteip):

easyrule pass wan tcp XX.XX.XX.XX YY.YY.YY.YY 22

Remember to remove the rule when you've restored access to the web interface via your regular way.

See other methods to get back in the webinterface on the pfSense Wiki.

Tags: bsd , firewall , freebsd , iptables , pf , pfsense , security , snippets