Agreed. Additionally, all the services should either be configured to listen on the trusted management interface only *or* configured to listen on lo0 only, with external access granted via a pf port forward from the configured trusted management interface(s) only. If the security policy fails or is unloaded for some reason, the attack surface is significantly reduced.

Greg

Nathan Eisenberg wrote:

> > Alternately, access to the GUI can be restricted by firewall rules <...>
>
> Not just 'can' - but 'should', imho.
> _______________________________________________
> List mailing list
> [email protected]
> http://lists.pfsense.org/mailman/listinfo/list
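
A check for the binding rule described in the message above, as an added example that is not part of the original thread: it parses output in the format of FreeBSD `sockstat -4 -l` and reports listeners bound to anything other than loopback or the management address. The sample output and the management address 192.168.10.1 are constructed assumptions.

```python
# Audit listening sockets against the "management interface or loopback only" rule.
# SAMPLE is constructed output in the format of FreeBSD `sockstat -4 -l`;
# 192.168.10.1 as the trusted management interface address is an assumption.

SAMPLE = """\
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     lighttpd   4021  10 tcp4   127.0.0.1:443         *:*
root     sshd       3310  4  tcp4   192.168.10.1:22       *:*
root     dnsmasq    2954  5  udp4   *:53                  *:*
root     ntpd       2877  21 udp4   203.0.113.5:123       *:*
"""

ALLOWED_BIND_ADDRS = {"127.0.0.1", "192.168.10.1"}


def parse_listeners(sockstat_text):
    """Yield (command, proto, bind_addr, port) for each socket row."""
    for line in sockstat_text.splitlines():
        fields = line.split()
        # Skip the header and anything that is not a full socket row.
        if len(fields) < 7 or fields[0] == "USER":
            continue
        command, proto, local = fields[1], fields[4], fields[5]
        bind_addr, _, port = local.rpartition(":")
        yield command, proto, bind_addr, port


def exposed_listeners(sockstat_text, allowed=ALLOWED_BIND_ADDRS):
    """Return listeners bound to a wildcard or to an address outside `allowed`.

    These are the services that stay reachable if the pf ruleset is
    unloaded, because only the packet filter was keeping traffic away.
    """
    return [
        (command, proto, f"{bind_addr}:{port}")
        for command, proto, bind_addr, port in parse_listeners(sockstat_text)
        if bind_addr == "*" or bind_addr not in allowed
    ]


if __name__ == "__main__":
    for command, proto, local in exposed_listeners(SAMPLE):
        print(f"EXPOSED {command} {proto} {local}")
```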
