Hi,
sorry for that question, but i seem not to get it.
I want to block all outgoing traffic and allow it manualy.
So far so good. I made rules for green clients to red network.
But the problem are the internal DOT-Servers, they can not go outside.
So i made rules for them:
from red firewall with source nat for red to the ip of the dns with the 853 tcp port (source port something like 53625)
But it has no effect, drop_output in the log to the dns servers
Any idea?
best regards
fstarter
It might help if you include a screen shot of the entire firewall ruleā¦
screen shot with Qubes OS, you are crazy 
iāll do it tomorrow via smartphone. 
smartphone will work!!
Hi fstarter!
Try setting up rules without āNattingā.
brgds, Wayne
ok, i got it!
it was not NAT, but the source port. The field must be empty, than it just takes any source port.
Hi,
screen shot with Qubes OS, you are crazy
just to have it mentioned: Screenshots are possible within Qubes OS, however,
the files will be saved in dom0, and you will have to copy or move them to
the desired VM.
Please refer to the Qubes OS documentation for further information on this. 
Thanks, and best regards,
Peter MĆ¼ller
Hi,
since IPFire uses HTTPS (i. e. TCP with destination port 443) only, you could set up a
host group for all mirror servers, so you only need one firewall rule in order to permit
fetching updates.
Personally, I really like these, since they make things more straightforward.
Please refer to the documentation for further information.
Thanks, and best regards,
Peter MĆ¼ller
yes, that would be nice to get it just in one group, youāre right!
And yes, i forgot about the possibility of screenshotā¦ sure, it works
Hi,
Might be of use to you, happy to share a text version of the group if it helps.
this would be certainly helpful.
Perhaps we should add such a list to the Wiki to make this step easier for new users
as well. On the other hand, this needs some automation, since mirror IP addresses may
change at any timeā¦
Thanks, and best regards,
Peter MĆ¼ller
Zipped text file of IPFire mirrors attached.
IPFire_Mirrors_2020-12-20.zip (556 Bytes)
Happy to add to Wiki if you point me to the right page (1st timer).
Unsure how to automate as suggested but certianly happy to update from time to time as mirrors change.
Robert
ah, very nice! thank you!
does it make sense to add just the national servers?
I tried that when creating the group but found pakfire randomly selecting a mirror so I ditched the idea of a limited mirror list and just went ahead and added them all.
ok, better idea!
Here ya go! Let us know if you have questions!
Can you remember the copy and paste file i provide you in the past? 
@anon33261557ā¦ I must be getting āoldtimersā because I totally forgot about your reply back in September. Had I remembered I would have pointed the good folks to that topic. Thanks for pointing that out.
Maybe Iām not the only one with āoldtimersā - Iāve noticed in the forum how some questions get asked again eventhough they have already been answered in a previous post / topic.
My New Yearās resolutionā¦ make better use of IPFire forum archives!
In the meantime, wishing you all the very best for Xmas 2020.
Had a look at that page and noticed a list of mirrors already made known here: https://mirrors.ipfire.org/
Not sure if thereās any benefit in adding a separate text attachment with same servers - could lead to confusion if / when mirrors servers change.
RS
