Hello.
I hadn’t noticed that before so I cannot tell how recent it is…
In System/Web it is possible to restrict the access to the Web management interface, then of course I had restricted it to the internal bridge only.
But from a computer connected WAN side I still could see it and even login !
I also tried with the access restricted to the explicit internal subnet/24 only, so excluding the WAN side subnet, idem !
Actually it is the checkbox named “Auto-authorize the LAN” that makes no difference and auto-authorizes all the subnets around 😯
By unchecking it, the interfaces or subnets explicitly listed do access but the others get no answer.
I don’t know if this is really a bug or rather a feature, but at least it is very counter-intuitive then dangerous.
Is that checkbox useful, considering how simple it is to explicitly authorize interfaces or IP ranges ?
Best regards.