NethSecurity - disable remote admin access for NethSecurity 8

In Firewall Rules there are 4 existing rules in the Input Rules -

  1. Allow-HTTPS-from-WAN with the availability to disable it.
  2. Allow-UI-from-WAN with the availability to disable it.
  3. Allow-DHCP-Renew with the availability to disable it.
  4. Allow-ping with the availability to disable it.

Well, I think these rules should be available, but I believe they should be disabled when NethSecurity is first installed and run.

Unfortunately at this moment, it doesn’t seem like the disable button for these Input rules works. As you can see from the image below, I have turned them all off.

But I can still get to remote access of HTTPS of NethSecurity 8 from another computer on another remote network. (Is this a bug?)

Without removing the input rules, how can I disable the remote root access for NethSecurity 8?

I have looked at the following page in the Nethsecurity manual here -
https://docs.nethsecurity.org/en/latest/remote_access.html#disable-web-user-interface-on-port-443

But it doesn’t tell me how to disable the rule without deleting it. Hope there is a way.

Also is there a way to change the web user interface port from 443 to 444 or another port number?

Thanks,
-SF-

These rules are enabled by default, otherwise most of the time users will not be able to access the firewall for the first setup.

No one reported this, but you could do a couple of checks:

  1. did you apply the changes?
  2. are the rules present inside nft? You can check with: nft list ruleset

Disabled rules are the same as deleted rules: they are not applied.
Still, if you do not use them, you can delete them.

Also is there a way to change the web user interface port from 443 to 444 or another port number?

Yes, the UI is available also on port 9090.

The doc says:

NethSecurity UI (User Interface), the NethSecurity official web interface, is available on port 9090 at the following URL: https://<server_ip>:9090.

See also:

2 Likes
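The `nft list ruleset` check suggested in the reply above, as an added example that is not part of the original thread or of NethSecurity's own tooling: it filters a ruleset for rules that still accept a given TCP port, so a rule that was disabled and applied should no longer show up. The function names, the chain names and the rule comments in the sample are assumptions (constructed, modelled on typical firewall output); compare them with what your own ruleset prints.

```shell
#!/bin/sh
# Added example. Real use on the firewall: nft list ruleset | accept_rules_for_port 443

# Constructed sample ruleset (not taken from a real system; names are assumptions).
sample_ruleset() {
cat <<'EOF'
table inet fw4 {
	chain input_wan {
		icmp type echo-request counter accept comment "!fw4: Allow-ping"
		tcp dport 443 counter accept comment "!fw4: Allow-HTTPS-from-WAN"
		tcp dport { 9090, 8000-8010 } counter accept comment "!fw4: constructed-set-rule"
		jump reject_from_wan
	}
	chain dstnat_wan {
		tcp dport 443 counter dnat ip to 192.168.1.10:443 comment "!fw4: constructed-forward"
	}
}
EOF
}

# Reads ruleset text on stdin and prints "chain: rule" for every rule that
# accepts the given TCP destination port (single port, set, or range).
# Port-forward (dnat) rules are not accept rules and are skipped.
# Returns 0 if at least one accept rule was found, 1 otherwise.
accept_rules_for_port() {
    awk -v port="$1" '
        # Track the chain we are currently inside.
        $1 == "chain" { chain = $2; next }
        /tcp dport/ && /accept/ {
            # Keep only what follows "tcp dport": one port or a { set }.
            spec = $0
            sub(/.*tcp dport /, "", spec)
            if (spec ~ /^[{]/) { sub(/[}].*/, "", spec); sub(/^[{]/, "", spec) }
            else               { sub(/ .*/, "", spec) }
            n = split(spec, items, ",")
            for (i = 1; i <= n; i++) {
                p = items[i]; gsub(/[ \t]/, "", p)
                # A set element may be a range such as 8000-8010.
                if (split(p, r, "-") == 2) { hit = (port + 0 >= r[1] + 0 && port + 0 <= r[2] + 0) }
                else                       { hit = (p == port) }
                if (hit) { line = $0; sub(/^[ \t]+/, "", line); print chain ": " line; found = 1; break }
            }
        }
        END { exit(found ? 0 : 1) }
    '
}

# Demo on the constructed sample: prints the one rule still accepting 443.
sample_ruleset | accept_rules_for_port 443
```

An empty result with exit status 1 means no rule accepts that port; a port forward for the same port still appears in the full `nft list ruleset` output but is not reported here.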

I went ahead and logged in to NSecurity via SSH and ran nft list ruleset. I was able to see two rules for 443.

I went back and turned on the input rules - applied them - then I disabled them again. I then put 443 pointed to an internal webserver address, via port forwarding.

Then I went back to the remote PC to see if I could bring up the port forwarded webserver from 80 and 443 externally. I made sure to do a clear cache and then bring up the site.

All seems fine now.

Thanks for the recommended check with: nft list ruleset - it got me thinking and I was able to solve it.

Thanks

-SF-

1 Like