"firewall.local": What should be?

Hello, after reading about how to secure my HP Thin Client T610plus with IPFire on it, used as a gateway-proxy-server in my home LAN (LAN >> Switch >> HP-ipFire >> modem-router), and how to force ALL clients to use the proxy regardless of whether they use HTTP, HTTPS or DoH, I’m very confused about the correct firewall.local settings. So I am posting here 3 examples that I pulled from other threads; can anybody please help by suggesting which one is correct to use? My LAN has been set to 192.168.2.2/24 and WAN to 192.168.1.2/24. Thanks a lot.
firewall-local-txt.tar.gz (1.2 KB)

The correct way to operate a firewall is to do exactly what is outlined here by @pmueller. You close the firewall completely (being careful not to lock yourself out), and then you open your LAN, one machine and one service at a time.

This way you obtain optimal security and you learn how to configure the firewall properly. Chances are, you will get stuck. In that case, come here with the specific problem and the community will help you out.

The tradeoff is that you spend a lot of time and effort. However, the risk of the alternative, which is setting up a firewall using “recipes” found online, is as bad as (if not worse than) copying lines of code from Google search results when you code your web application or your shell script. Chances are, the universe will punish you. Painfully.

Concerning the use of the console instead of the Web User Interface (WUI), unless you know exactly what you are doing, it is better to stick to the WUI. This is part of the learning process. Once you have a functional firewall, you can always look at how the WUI translates the rules in the console and start figuring out the syntax. Coding the firewall directly with your own rules is seldom necessary.

3 Likes

You are right, but for someone like me who doesn’t know anything about “coding”, there’s no other way than trying to resolve problems by searching in forums like this.
So, I’m asking this because I have read that it’s not possible to make these rules from the WUI, and all changes should be made manually using the terminal. This is not easy for me at all; I’m 56 y.o. and cannot learn things that look simple to somebody who has the knowledge.
In addition to all this, you’ll agree that there are a lot of firewalls out there, and every one has its special rules or differences, so to find which one can do what I want, I have to spend a lot of time, and that would not be a problem if I weren’t hurrying to set it up because of this damn game “Minecraft”, because of which my kids have stopped reading their lessons and play all the time. So, rather than shutting off their laptops and PCs and making them complain, I am trying to make things easier by restricting access at certain times on certain days. That’s all; not easy, but I think not difficult for somebody who knows. Also, if I finally use IPFire for this job, I’m willing to pay some money to get more help.
For all these reasons, and until I find a solution, I have to ask, to try, to check.
Sorry for taking up your time.

I looked at all three files and they all do something similar (redirect DNS) that is no longer needed in the firewall.local file. The code was corrected for the WebGUI Firewall Rules page.

Read through this Wiki:

And then feel free to ask questions.

EDIT: It helps with these two items on the Blog page:

3 Likes

Thank you sir. I was confused by reading older posts saying that it could not be done from the WUI; I’ve already done this. Thanks a lot, this short answer was the best solution for me.

3 Likes