Hello. I am happy to report a full functional deployment of the latest FreedomBox on a pi3. Now, i have only a simple quescen.
How do i setup my web interface to be accessible form LAN ONLY?

The web interface was LAN-only in earlier versions of FreedomBox.

We added a couple of protections against brute-force attacks, namely django-axes and fail2ban, and then allowed access to the web interface over the public Internet. Do you think it’s still not safe to expose the web interface to the Internet?

Yes and no. I am relay happy with the option to access the web interface from outside and inside, but can you implement a button or something?
(Just as a simple wish)
Access your Web Interface
1) From LAN
2) From Internet
3) Both ways.

Now…where i can set the interface to accept LAN only connection?
Is there a file or a config where I can state a mac or IP only connection to be allowed?

Edit1: What is the port of the interface? Because i can make a script block any connection on that port if the ip is not the one that i give it to him.

This can be done by modifying /etc/apache2/sites-available/plinth.conf, and adding the following section within <Location /plinth>:

## Allow traffic only from private networks
        ## IPv4 local addresses
        Require ip

        ## IPv4 link local addresses
        Require ip

        ## IPv4 class A private addresses
        Require ip

        ## IPv4 class B private addresses
        Require ip

        ## IPv4 class C private addresses
        Require ip

        ## IPv6 local address
        Require ip ::1

        ## IPv6 link local addresses
        Require ip fe80::/10

        ## IPv6 private addresses
        Require ip fc00::/7

And then reloading the apache2 service.

1 Like

All done. Now I can use my interface from LAN ONLY. Thank you so much for the support.


Small Resume at actions:

After installing FreedomBox on your FRESH DEBIAN INSTALL, just run:

sudo nano /etc/apache2/sites-available/plinth.cof

Place a comment in front of every enetery that you DO NOT LIKE. Save the file
sudo service apache2 restart


Since the issue has been solved, I am marking it [SOLVED] in the title.