I'm trying to block firewall WUI access from my LAN devices.
The rule I've created did not achieve it.
How do I override the GUIINPUT hardcoded rule?
This one:
-A GUIINPUT -i green0 -p tcp -m tcp --dport 444 -j ACCEPT
Add CUSTOM rules in /etc/sysconfig/firewall.local
For example, to block the device with IP address 192.168.10.10 from accessing your IPFire WUI at address 192.168.10.1:
    # See how we were called.
    case "$1" in
      start)
        ## add your 'start' rules here
        iptables -A CUSTOMINPUT -s 192.168.10.10 -p tcp -d 192.168.10.1 --dport 444 -j DROP
        ;;
      stop)
        ## add your 'stop' rules here
        iptables -D CUSTOMINPUT -s 192.168.10.10 -p tcp -d 192.168.10.1 --dport 444 -j DROP
        ;;
    esac
Just to provide some additional information
--> Deny blue clients access to the IPFire web interface
I've created a custom rule exactly as you wrote and saved the text file,
but it made absolutely no difference
/etc/init.d/firewall restart
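
A way to check the situation discussed in this thread, as an added example that is not part of any post: iptables walks the jumps out of INPUT in order, so a DROP in CUSTOMINPUT only takes effect if it is actually loaded and CUSTOMINPUT is reached before GUIINPUT. The function name `wui_block_status` and the sample ruleset are assumptions constructed for illustration; on the firewall the input would come from `iptables -S`.

```shell
#!/bin/sh
# Added example: reads `iptables -S` output on stdin and reports whether a
# CUSTOMINPUT DROP/REJECT for the WUI port (default 444) can take effect.
# Prints: not-loaded | shadowed | effective
wui_block_status() {
    awk -v port="${1:-444}" '
        # Record the position of each jump out of INPUT (first occurrence).
        $1 == "-A" && $2 == "INPUT" {
            n++
            for (i = 3; i < NF; i++) {
                t = $(i + 1)
                if ($i == "-j" && !(t in pos)) pos[t] = n
            }
        }
        # Look for a DROP/REJECT in CUSTOMINPUT that names the WUI port.
        $1 == "-A" && $2 == "CUSTOMINPUT" {
            hit = 0; drop = 0
            for (i = 3; i < NF; i++) {
                t = $(i + 1)
                if ($i == "--dport" && t == port) hit = 1
                if ($i == "-j" && (t == "DROP" || t == "REJECT")) drop = 1
            }
            if (hit && drop) loaded = 1
        }
        END {
            if (!loaded)
                print "not-loaded"   # rule missing: firewall.local not run yet
            else if (!("CUSTOMINPUT" in pos))
                print "shadowed"     # chain exists but INPUT never jumps to it
            else if (("GUIINPUT" in pos) && pos["GUIINPUT"] < pos["CUSTOMINPUT"])
                print "shadowed"     # the ACCEPT in GUIINPUT is hit first
            else
                print "effective"
        }'
}

# Constructed sample dump (not taken from a real system).
SAMPLE_RULES='-P INPUT DROP
-N CUSTOMINPUT
-N GUIINPUT
-A INPUT -j CUSTOMINPUT
-A INPUT -j GUIINPUT
-A CUSTOMINPUT -s 192.168.10.10/32 -d 192.168.10.1/32 -p tcp -m tcp --dport 444 -j DROP
-A GUIINPUT -i green0 -p tcp -m tcp --dport 444 -j ACCEPT'

printf '%s\n' "$SAMPLE_RULES" | wui_block_status
```

A result of `not-loaded` after editing /etc/sysconfig/firewall.local means the rules have not been applied yet.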