Firewall Default Zone RuleSet

Mauricio Luz
Posts: 33
Joined: December 10th, 2016, 2:40 pm

Firewall Default Zone RuleSet

Post by Mauricio Luz » February 27th, 2017, 10:58 am


Is there any way of changing the firewall default ruleset? For example, allowing the traffic from blue to the firewall, and from blue to green.
Last edited by Mauricio Luz on February 27th, 2017, 6:16 pm, edited 1 time in total.

Mauricio Luz
Posts: 33
Joined: December 10th, 2016, 2:40 pm

Re: Firewall Default Zone RuleSet

Post by Mauricio Luz » February 27th, 2017, 6:15 pm

No one knows?

twilson
Posts: 457
Joined: October 31st, 2014, 9:26 am
Location: Germany

Re: Firewall Default Zone RuleSet

Post by twilson » February 28th, 2017, 10:22 am

Hello,

sorry for the late reply. :)

Changing the "firewall default policy" as described in the Wiki (http://wiki.ipfire.org/en/configuration ... ult-policy) is basically possible.

For example, if you want to allow network traffic from Blue to Green, set up a new firewall rule:
Source: BLUE (choose network here)
Destination: GREEN (choose network here)
Protocol: Any
Action: ACCEPT

The position of this rule depends on your other firewall rules set. It must be placed before a rule that might forbid similar traffic, otherwise it has no effect at all.

Allowing traffic from Blue to the firewall can be done by a corresponding firewall rule. If you want to filter VPN networks (in case they exist), please refer to: http://wiki.ipfire.org/en/configuration ... tering-vpn

Please keep in mind that such modifications might be dangerous and cause security issues. For example, generally allowing traffic from Blue (WLAN) to your green network can be problematic in certain environments. If possible, consider using a VPN connection; the OpenVPN server can be activated for the Blue network, too (source: http://wiki.ipfire.org/en/configuration ... g/glob_set).

Best regards,
Timmothy Wilson
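
The ordering point in the reply above, as an added example that is not part of the original post and is not IPFire code: a simplified first-match rule model showing why a BLUE to GREEN ACCEPT placed after a broader DROP never takes effect, plus a check that lists such shadowed rules. The subnets, rule names and the DROP default are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample addressing (assumption, not taken from the thread).
ZONES = {
    "GREEN": ipaddress.ip_network("192.168.1.0/24"),
    "BLUE": ipaddress.ip_network("192.168.2.0/24"),
    "ANY": ipaddress.ip_network("0.0.0.0/0"),
}

@dataclass(frozen=True)
class Rule:
    name: str
    src: str     # zone name from ZONES
    dst: str     # zone name from ZONES
    proto: str   # "any", "tcp", "udp", ...
    action: str  # "ACCEPT" or "DROP"

    def matches(self, src_ip, dst_ip, proto):
        return (ipaddress.ip_address(src_ip) in ZONES[self.src]
                and ipaddress.ip_address(dst_ip) in ZONES[self.dst]
                and self.proto in ("any", proto))

    def covers(self, other):
        """True if every packet matching `other` also matches this rule."""
        return (ZONES[other.src].subnet_of(ZONES[self.src])
                and ZONES[other.dst].subnet_of(ZONES[self.dst])
                and self.proto in ("any", other.proto))

def decide(rules, src_ip, dst_ip, proto, default="DROP"):
    """First matching rule wins; the default policy applies if none match."""
    for rule in rules:
        if rule.matches(src_ip, dst_ip, proto):
            return rule.action, rule.name
    return default, "default policy"

def shadowed(rules):
    """Pairs (later, earlier) where the later rule can never be reached."""
    return [(later.name, earlier.name)
            for i, later in enumerate(rules)
            for earlier in rules[:i]
            if earlier.covers(later)]

# Hypothetical rules: the ACCEPT from the post and a broader DROP.
allow = Rule("allow-blue-green", "BLUE", "GREEN", "any", "ACCEPT")
block = Rule("block-blue-all", "BLUE", "ANY", "any", "DROP")
wrong_order = [block, allow]   # ACCEPT sits behind the DROP: no effect
right_order = [allow, block]   # ACCEPT is evaluated first
```

Running `shadowed()` over a rule list before applying it flags any ACCEPT that an earlier, broader rule already swallows.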

Mauricio Luz
Posts: 33
Joined: December 10th, 2016, 2:40 pm

Re: Firewall Default Zone RuleSet

Post by Mauricio Luz » March 1st, 2017, 1:36 pm

So I have another firewall connected to the IPFire firewall on the green interface, to create some VLANs, since I can't make them as I want on IPFire (gateway is inside the green address, and the gateway is the green address), but I'm not able to access the internet on a client connected to the other firewall. Basically I should do: source: green network, destination: any network, to allow traffic to the other firewall?

twilson
Posts: 457
Joined: October 31st, 2014, 9:26 am
Location: Germany

Re: Firewall Default Zone RuleSet

Post by twilson » April 13th, 2017, 8:18 am

Hello,

whoof, is IPFire able to handle VLANs at all? ???

Since I have absolutely no experience with this (we use physically isolated networks in my company), I'm afraid I cannot help.

Best regards,
Timmothy Wilson

Deepcuts
Posts: 461
Joined: March 1st, 2016, 3:18 pm
Location: Romania

Re: Firewall Default Zone RuleSet

Post by Deepcuts » April 13th, 2017, 11:32 am

Image
Image
