Blue can ssh to firewall!

I have noticed something very odd quite by chance, since adding a blue network a couple of days ago

I’m running ipfire Core update 141 as a virtual machine, on a proxmox server for my small home setup

the blue network is connected via a usb 3 gigabyte adaptor connecting to a wifi router with dhcp switched off in the router

If I have ssh access turned on via the gui for the ipfire server itself, servers on the blue network can ssh directly to the ip address of ipfire which seems very strange

I cannot do this from the Orange network, as I would expect

I have tried specifically adding rules to prevent this but it doesnt seem to make any difference

I’m sure I must have something incorrectly configured, but I’m unable to see anything obviously wrong

I would be grateful for any suggestions how to debug this

This is not strange because Dr. Strange ist missing! Yep:

Looks like this shouldn’t be the case (or we missunderstood the wiki article because you need to config the acces for all blue devices) but honestly I can’t remember a time when I was not able to access the firewall interfaces from BLUE. I can also access the GREEN firewall interface (the IP for ipfire within the GREEN network).

Thats the same doc I read and my interpretaion is same as yours, blue should not be able to access firewall by default, hence my assumption I have something wrong, but if your experience is the same, I’m not so bothered. Although either the system has a bug somewhere or the documention is wrong !!

Can you please share the setup?

Go to Firewal Rules an look for this section: is the Blue To Green access blocked?

And then please post Firewal options:

And this section:

Sorry for delay I’ve just seen your reply

here are screen shots as requested