Configure firewall rules to open certain ports for Bitdefender

We have been using IPFire in a small network for a while. It is working fine with port forwarding and some firewall rules.
Now that we have installed Bitdefender business security on the systems in the LAN, they asked us to open certain ports in the IPFire firewall (firewall policy is Blocked) for their cloud console to work. Here is the list of ports they have asked us to open.
https://www.bitdefender.com/support/bitdefender-gravityzone-(cloud-console)-communication-ports-1256.html

I don’t know how to open these ports for the whole network. (Port forwarding is working fine for us. But it needs to specify a certain client.) Please advise me what to do with these firewall rules.

-Josin

Hi,

if I got your problem, you just need to configure firewall rules for that. This is documented in the wiki; just select your GREEN/BLUE/ORANGE network as the source.

Here is the list of ports they have asked us to open.

That’s quite a bunch of ports their products want to talk to. Great for improving the overall security of your network, but perhaps you are able to limit firewall access to certain IPs, networks or countries. :expressionless:

Let me know if there is any trouble.

Thanks, and best regards,
Peter Müller

Thank you Peter.
I can create firewall rules with GREEN/RED as my source.
But I don’t understand how to specify a certain port in that rule.
Only when I select ‘NAT’ do I see an option for port. (I think, which is not needed here)
A clarification to this problem is appreciated.

-Josin

This is mentioned at the firewall rule documentation. Just select the appropriate protocol and port numbers or use port groups.

Thanks, and best regards,
Peter Müller

Okay, I got it. Thank you very much.
One more doubt: I selected Source as RED and Destination as GREEN. (Inbound connection)
I have to open port ‘5555’ for Inbound connection.
Now, what shall I give in ‘Source port’ and ‘Destination port’?

How can I use this feature, Port groups?

-Josin

Now, what shall I give in ‘Source port’ and ‘Destination port’?

Well, the “destination port” is 5555. Since you do not know the source port, just leave it blank. (You might want to limit the source port to something bigger than 1,023, but this unfortunately is not implemented yet.)

How can I use this feature, Port groups?

Please have a look at https://wiki.ipfire.org/configuration/firewall/fwgroups.

Thank you Peter.
You really saved my time!!

-Josin

Next time, try reading the documentation first. :wink:

I was also looking for this solution.
I figured out how to create service groups.
But I can’t find an option to include service groups in firewall rule creation.

Hi,

quoted from the wiki:

IPFire offers the ability to take control of a lot of different protocols. During the rule creation you may select a special protocol, a -Preset- for known or custom created services, or simply create a rule that affects All protocols.

So, all you need to do is select “-Preset-” as the protocol.

Thanks, and best regards,
Peter Müller

Saved my day!!
Thank you.