Block acces from outside to management page

Forums Network Management Firewall, Traffic Shaping and Net Balancer Block acces from outside to management page

  • This topic is empty.
Viewing 8 posts - 1 through 8 (of 8 total)
  • Author
  • #43555

    Hello all,

    Our old firewall (appliance) cant handle the traffic any more and we are trying to get a pc running with zeroshell firewall.

    We have it running and we can internet over it.. BUT we want to block access to the webmanagement interface page.. from outside..

    Question to you all is:

    Is this possible.. and if so could someone post a rule on how to accomplish this.

    Thanks in advance.


    under Setup -> https -> add a rule for a local ip, or subnet, select its interface “ETH00 ETH01 etc” click the + then remove the default rule to allow ANY save and you are done.


    I’m unclear on thie too.

    ETH00 ( is my WAN interface, ETH01 (192168.1.1) and ETH02 (192168.2.1) are the LAN side. I currently have the ETH00 of the ZS box connected to an upstream wifi router on the subnet, and another wifi AP connected to ETH01. This is for testing; ultimately ETH00 will be connected directly to a satellite modem at another location.

    I created 3 firewall rules:

    1 	ETH01 	* 	ACCEPT all opt -- in ETH01 out * -> 	no
    2 ETH02 * ACCEPT all opt -- in ETH02 out * -> no
    3 * * ACCEPT all opt -- in * out * -> state RELATED,ESTABLISHED

    Then, I set the INPUT chain to “DROP” (OUTPUT and FORWARD are still “ACCEPT”). As I understand it, this should block any unsolicited connection from the ETH00 interface. I should be able to connect to the ZS admin via ETH01 and I can, but if I connect to the upstream router, it should block access… but it doesn’t.

    What am I doing wrong?


    Sorry to bump this topic but as I’m having the same issue, i’d like some help.
    I want to block external access to the web interface standard port (tcp 80 and 443).

    I have 2 wan interfaces, eth01 ( and eth02 (
    When I add an input chain to block tcp port 443 on incoming eth01 interface it doesn’t block anything.

    Any idea ?


    Take a look above at JC’s post..


    It doesn’t fit my need.
    I want to specifically block tcp 80 and 443 connections on my wan interfaces.


    Hi Shadok , the management rules are “hidden” and “above” (in the input chain) others rules that you can add or remove via gui ( but you can see all rules through the view button , in firewall page).
    Is possible to manage them via System>>Setup>>Https( ssh if required). Assuming ETH00 is your internal network , add ETH00 (and possibly the IP address from which the management is allowed) in “System>>Setup>>Https>>Allow access only from” , save, reboot the system (even if I never needed to reboot ….) and then try to access the web interface from wan…I have a setup similar to yours ,( two load balanced wan) and the management rules work perfectly


    Thanks but no (again).
    Let me explain it more clearly.

    I want to be able to access to zeroshell from my lan on ports 80 and 443.
    But i want to be able to access it from outside, from whatever ip address i would be using, but on ports 980 and 943.

    I add previously an adsl box which allowed me to do that with NAT.
    Now, it’s only a gateway, so i can’t do that anymore.

    I still have nat on zeroshell to redirect incoming 980 and 943 tcp ports to its web interface (80 and 443).

    So i need to block 80 and 443 incoming ports from outside.

Viewing 8 posts - 1 through 8 (of 8 total)
  • You must be logged in to reply to this topic.