Firewall Rules require server/service restart?

Posted: February 11th, 2019, 9:34 pm
by cwbuege
All -

I looked through the existing posts and didn't find anything relating to this so if it is a repeat I apologize.

I've got IPFire up and running as an endpoint on an IPSec tunnel with a Palo Alto PA-220 and it works great. The only thing I had to do at the end was add a Firewall rule permitting all access from my local and remote networks. This is a proof-of-concept so I'm not worried about getting more granular yet - I'll jump that hurdle when I come to it.

What I AM wondering is this. I needed to add a Firewall Rule where I did the following rule:
Source address (network) - Remote Network range
NAT - Use NAT - Source NAT - New Source IP Address - GREEN
Destination address (network) - Local Network range
Protocol - All
Remark - A comment on my rule
I then clicked 'Add'.

Back at the Firewall Rules screen, it said 'Apply changes'. I did this and the firewall rule did not take effect. I gave it five minutes or so in case it just took a while but it never kicked in. I ended up having to reboot the server to get the rule to take effect.

Is this correct? Am I missing something else? I'd have expected 'Apply changes' to make the rule I added take effect.

Any suggestions? Obviously I'd prefer a different way of making the rule go active, but if this is what I have to do to use a 'free' product, then so be it.

I'm currently running version 2.21 x64 Core Update 127 on a VM in an ESXi environment in case that helps any.

Thank you in advance!!

Re: Firewall Rules require server/service restart?

Posted: February 13th, 2019, 10:20 am
by larsen
I never needed to reboot to get firewall changes active.
You might check the output of "iptables --list -n" before and after you apply your changes.
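
The before/after check suggested above, as an added example that is not part of either post: `iptables --list -n` prints only the filter table, while a Source NAT rule is installed in the nat table, so this sketch compares full `iptables-save` dumps instead. The function names, file names and sample dumps are constructed for illustration, and standard chain names are used rather than IPFire's own.

```shell
# Diff two iptables-save dumps, ignoring timestamps and counters.
export LC_ALL=C   # stable ordering for sort/comm
# normalize FILE: one "table rule" line per chain policy or rule.
normalize() {
    awk '
        /^#/ || /^COMMIT$/ { next }
        /^\*/ { table = substr($0, 2); next }   # "*nat", "*filter"
        { sub(/^\[[0-9]+:[0-9]+\] /, "")        # rule counters (-c)
          sub(/ \[[0-9]+:[0-9]+\]$/, "")        # chain counters
          print table " " $0 }
    ' "$1" | sort
}

# ruleset_diff BEFORE AFTER: "+" = only in AFTER, "-" = only in BEFORE.
ruleset_diff() {
    rd_b=$(mktemp); rd_a=$(mktemp)
    normalize "$1" > "$rd_b"; normalize "$2" > "$rd_a"
    comm -13 "$rd_b" "$rd_a" | sed 's/^/+ /'
    comm -23 "$rd_b" "$rd_a" | sed 's/^/- /'
    rm -f "$rd_b" "$rd_a"
}

# Constructed sample dumps; addresses and rules are made up.
write_samples() {
    cat > "$1/before.txt" <<'EOF'
# Generated by iptables-save on Mon Feb 11 21:00:00 2019
*nat
:POSTROUTING ACCEPT [12:720]
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
    cat > "$1/after.txt" <<'EOF'
# Generated by iptables-save on Mon Feb 11 21:05:00 2019
*nat
:POSTROUTING ACCEPT [15:900]
-A POSTROUTING -s 10.20.0.0/24 -d 192.168.1.0/24 -j SNAT --to-source 192.168.1.1
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.20.0.0/24 -d 192.168.1.0/24 -j ACCEPT
COMMIT
EOF
}

d=$(mktemp -d); write_samples "$d"; ruleset_diff "$d/before.txt" "$d/after.txt"; rm -rf "$d"
```

On the firewall itself, run `iptables-save > before.txt` before clicking 'Apply changes' and `iptables-save > after.txt` afterwards, then pass both files to `ruleset_diff`. Empty output means the running ruleset did not change in any table.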