I created firewall rules to block incoming firewall access from Blue and Green on port 444.
The idea is to stop the admin interface being accessed from those two networks.
Despite my rules to stop anything from green or blue to the firewall TCP 444, I can still connect to the admin interface from Green.
Now that I think about it, given that inbound to the firewall is blocked by default anyway, are there some special hidden rules that are allowing port 444 through?
I do not know in which order the IPFire iptables rules are working, but if the rule for GUIINPUT is before your rule, I think those rules will allow the access to the GUI from green.
I had only a short look at the rules, and if you look at GUIINPUT you will see:
Chain GUIINPUT (1 references)
pkts bytes target prot opt in out source destination
I think you should be able to use firewall.local in the same way as it is used to prevent any blue clients from accessing the WUI; you could just specify the green network. I think firewall.local is earlier in the whole sequence, so a drop there would stop that match from going forward.
I thought that was already clear from the above information. Especially if you read on, which I always try to encourage everyone to do as a matter of principle ;-).
If for some reason you can’t do it through the WUI, you have to do it through firewall.local
Only do the above if you know what you are doing!
BUT I missed an important part of the above post myself
I would never recommend deleting the defaults, I would always set my needs in firewall.local
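As an added example of the firewall.local approach suggested above (not a file from the thread or from IPFire itself), here is a script that drops green-side connections to the WUI on TCP 444 and logs the refused attempts. It assumes the green interface is green0, the green subnet is 192.168.1.0/24 and that the CUSTOMINPUT chain is consulted from INPUT before GUIINPUT; all three are assumptions to verify on your own box.

```shell
#!/bin/sh
# /etc/sysconfig/firewall.local (added example, not IPFire's shipped file):
# refuse connections from the green network to the WUI on TCP 444.
# Assumptions (constructed values, adjust to your setup): the green
# interface is green0, the green subnet is 192.168.1.0/24, and the
# CUSTOMINPUT chain is reached from INPUT before GUIINPUT is consulted
# (check with: iptables -L INPUT -n --line-numbers).
GREEN_IFACE="${GREEN_IFACE:-green0}"
GREEN_NET="${GREEN_NET:-192.168.1.0/24}"
WUI_PORT="${WUI_PORT:-444}"
# Set IPT="echo iptables" to print the rules instead of applying them.
IPT="${IPT:-iptables}"

# Insert (-I) or delete (-D) the two rules. With -I each rule lands at
# the top of the chain, so DROP is inserted first and LOG second; the
# resulting order is LOG then DROP, and refused attempts show up in
# /var/log/messages with the prefix below.
wui_block_rules() {
    action="$1"
    $IPT "$action" CUSTOMINPUT -i "$GREEN_IFACE" -s "$GREEN_NET" \
        -p tcp --dport "$WUI_PORT" -j DROP
    $IPT "$action" CUSTOMINPUT -i "$GREEN_IFACE" -s "$GREEN_NET" \
        -p tcp --dport "$WUI_PORT" -m conntrack --ctstate NEW \
        -j LOG --log-prefix "WUI-BLOCK-GREEN "
}

# Standard firewall.local entry points used by IPFire.
case "$1" in
    start)  wui_block_rules -I ;;
    stop)   wui_block_rules -D ;;
    reload) "$0" stop; "$0" start ;;
    "")     ;;  # sourced or run without an argument: define functions only
    *)      echo "Usage: $0 {start|stop|reload}" ;;
esac
```

After `/etc/sysconfig/firewall.local start`, confirm placement with `iptables -L CUSTOMINPUT -n -v` and watch the packet counters climb while a green client retries port 444.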