Skip to main content

Raymii.org Raymii.org Logo

Quis custodiet ipsos custodes?
Home | About | All pages | Cluster Status | RSS Feed | Gopher

pfSense allow web interface access on WAN from specific IP

Published: 31-12-2014 | Author: Remy van Elst | Text only version of this article


❗ This post is over six years old. It may no longer be up to date. Opinions may have changed.

pfSense is a fast and simple FreeBSD based firewall appliance with a nice web managent interface and the power of the pf firewall underneath. Normally the web interface is only accessible from the management LAN (or LAN by default) interface. If you for whatever reason locked yourself out or need access from a different IP via the WAN interface you can use the easyrule command line to temporarly add a rule that allows your remote IP in. This simple snippet shows you how.

Consider sponsoring me on Github. It means the world to me if you show your appreciation and you'll help pay the server costs.

You can also sponsor me by getting a Digital Ocean VPS. With this referral link you'll get $100 credit for 60 days.

The following command adds a firewall rule, allowing tcp traffic in on port 443 from remote IP XX.XX.XX.XX: to the WAN IP on YY.YY.YY.YY:

easyrule pass wan tcp XX.XX.XX.XX YY.YY.YY.YY 443

You can also allow SSH access and set up a remote port forward (ssh -L localport:remoteip:remoteport remoteip):

easyrule pass wan tcp XX.XX.XX.XX YY.YY.YY.YY 22

Remember to remove the rule when you've restored access to the web interface via your regular way.

See other methods to get back in the webinterface on the pfSense Wiki.

Tags: bsd , firewall , freebsd , iptables , pf , pfsense , security , snippets