Hello. I am happy to report a fully functional deployment of the latest FreedomBox on a pi3. Now, I have only a simple question.
How do I set up my web interface to be accessible from LAN ONLY?
The web interface was LAN-only in earlier versions of FreedomBox.
We added a couple of protections against brute-force attacks, namely django-axes and fail2ban, and then allowed access to the web interface over the public Internet. Do you think it’s still not safe to expose the web interface to the Internet?
Yes and no. I am really happy with the option to access the web interface from outside and inside, but can you implement a button or something?
(Just as a simple wish)
Access your Web Interface
1) From LAN
2) From Internet
3) Both ways.
Now… where can I set the interface to accept LAN-only connections?
Is there a file or a config where I can state a MAC- or IP-only connection to be allowed?
Edit1: What is the port of the interface? Because I can make a script block any connection on that port if the IP is not the one that I give it.
This can be done by modifying /etc/apache2/sites-available/plinth.conf, and adding the following section within <Location /plinth>:
## Allow traffic only from private networks
<RequireAny>
## IPv4 local addresses
Require ip 127.0.0.0/8
## IPv4 link local addresses
Require ip 169.254.0.0/16
## IPv4 class A private addresses
Require ip 10.0.0.0/8
## IPv4 class B private addresses
Require ip 172.16.0.0/12
## IPv4 class C private addresses
Require ip 192.168.0.0/16
## IPv6 local address
Require ip ::1
## IPv6 link local addresses
Require ip fe80::/10
## IPv6 private addresses
Require ip fc00::/7
</RequireAny>
And then reloading the apache2 service.
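An added example, not part of the original posts and not FreedomBox's own code: a small Python check of which client addresses the Require ip list above would admit, using constructed sample addresses. It assumes full addresses and CIDR ranges only (the forms used above); the function names are hypothetical.

```python
import ipaddress
import re

# The access list from the answer above (comments shortened).
PLINTH_ACL = """
<RequireAny>
    ## IPv4 ranges
    Require ip 127.0.0.0/8
    Require ip 169.254.0.0/16
    Require ip 10.0.0.0/8
    Require ip 172.16.0.0/12
    Require ip 192.168.0.0/16
    ## IPv6 ranges
    Require ip ::1
    Require ip fe80::/10
    Require ip fc00::/7
</RequireAny>
"""

def parse_require_ip(conf):
    """Collect the networks named by 'Require ip' lines, skipping comments."""
    nets = []
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r"(?i)require\s+ip\s+(.+)$", line)
        if m:
            # One directive may list several addresses or ranges.
            nets += [ipaddress.ip_network(tok, strict=False)
                     for tok in m.group(1).split()]
    return nets

def allowed(client, nets):
    """RequireAny semantics: access is granted if any listed network matches."""
    addr = ipaddress.ip_address(client)
    return any(addr.version == n.version and addr in n for n in nets)

if __name__ == "__main__":
    nets = parse_require_ip(PLINTH_ACL)
    # Constructed sample clients. 172.32.0.1 lies just outside 172.16.0.0/12,
    # and 2001:db8::10 stands in for a LAN host that reaches the box over a
    # global IPv6 address: it matches none of the listed ranges, so it is denied.
    for client in ["192.168.1.20", "172.31.255.254", "172.32.0.1",
                   "203.0.113.7", "fd12:3456::1", "2001:db8::10"]:
        print(f"{client:16} {'allow' if allowed(client, nets) else 'deny'}")
```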
All done. Now I can use my interface from LAN ONLY. Thank you so much for the support.
PROBLEM SOLVED:
Short summary of the actions:
After installing FreedomBox on your FRESH DEBIAN INSTALL, just run:
sudo nano /etc/apache2/sites-available/plinth.conf
Place a comment in front of every entry that you DO NOT LIKE. Save the file.
Run:
sudo service apache2 restart
Since the issue has been solved, I am marking it [SOLVED] in the title.