Block network green to orange

Hello, how can I block connectivity between the orange and green networks? By default there is connectivity between green and orange, and after creating firewall rules that block such connections the connectivity persists.

Thank you.

By default green → orange but not the other way.

See wiki.ipfire.org - Firewall Default Policy


The default rule that allows green to access all other networks is in the POLICYFWD chain.

You can overrule this either by setting the Default Firewall behaviour for FORWARD to BLOCKED instead of ALLOWED at the bottom of the WUI menu option Firewall - Firewall Options. With this option it stops Green accessing red or any interface accessing any other. To get any access you would then need to write FW rules specific to each of your needs.
https://wiki.ipfire.org/configuration/firewall/default-policy#default-firewall-behaviour

Alternatively if you want to just stop green accessing orange but still have green accessing red then you could create an iptables CUSTOMFORWARD chain rule that you insert into the firewall.local file
https://wiki.ipfire.org/configuration/firewall/firewall-local
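
The CUSTOMFORWARD approach from the answer above, as an added example that is not part of the original post or IPFire's own code. It assumes the interface names green0 and orange0 and the file location /etc/sysconfig/firewall.local; `IPTABLES` and `fw_local` are illustrative names, and matching only new connections is a choice made here so that replies on flows allowed by other rules keep working.

```shell
#!/bin/sh
# Added example for IPFire's firewall.local (assumed path: /etc/sysconfig/firewall.local).
# Assumptions: interface names green0/orange0; IPTABLES and fw_local are
# illustrative names, not part of IPFire.

IPTABLES="${IPTABLES:-iptables}"

# Drop only NEW connections initiated from green towards orange, so replies
# belonging to flows that other rules allow are not affected.
RULE="-i green0 -o orange0 -m conntrack --ctstate NEW -j DROP"

fw_local() {
    case "$1" in
      start)
        # -C checks whether the rule exists, so repeated starts add no duplicates.
        # $RULE is intentionally unquoted so it splits into separate arguments.
        $IPTABLES -C CUSTOMFORWARD $RULE 2>/dev/null ||
            $IPTABLES -I CUSTOMFORWARD $RULE
        ;;
      stop)
        # Remove only this rule; ignore the error if it is not present.
        $IPTABLES -D CUSTOMFORWARD $RULE 2>/dev/null || true
        ;;
      reload)
        fw_local stop
        fw_local start
        ;;
      *)
        echo "Usage: $0 {start|stop|reload}"
        ;;
    esac
}

fw_local "${1:-}"
```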
