Block outgoing traffic from all zones example green -> internet ip range network group

i try to find a solution to block some outgoing traffic for all zones example green β†’ network group with internet ip addresses. Can someone show one example please ?
i try to set forward and outgoing firewall options to block by default but i still can see forwarding (FORWARDFW) messages inside syslog for some google ips and i cant find a way to stop it.
Also when creating firewall rules to drop traffic to such internet ips traffic is forwarded and not dropped.
I was not opening a google page or other connection to this ips, i was just using firefox and thunderbird inside a vm with ubuntu 22.04.
My IPFire hardware is a VARIA Group IPFire Ready System - APU4D4, 4 GB RAM, 16 GB mSATA SSD, blue box with 4 nics

if you can create firewall rules without errors messages and it dont have an effect i would not call this a working firewall security solution.
i will invest my money now into other solution and i hope i will get my money for this ipfire solution back.
greetings and have a nice day

Not sure what you are trying to do.
You can change default firewall behavior to block.
You can create a firewall rule to allow a network host group and allow them.??

thank you for replying.
i already tried this way as you can see in my initial post but i dont want to create thousands allow rules for the rest of internet ips, i just want to block some ip ranges when default firewall options (forward and outgoing) are set to allow.

:thinking: Could you translate what the acronym ips means to you?

Have you read the firewall documentation on the IPFire Wiki?

1 Like

Does this help.

You can not create firewall rules with ASN.
Which would be great as a WUI feature.
This can be done under the covers.
If you search the forum.

1 Like

thank you for replying
for creating groups i dont need support but it would be great if someone can post a link to the solution i was searching or to the forum posts where i could find a solution of my problem.
i found a solution for my problem but with a other firewall solution.

You may find this interesting.