Firewall rules didn't work after upgrade


I created a firewall rule several years ago to ban all internet connections.
Then I have three rules:

  • One that lets TeamViewer pass on port 5938 (pmad only)
  • One that lets TeamViewer pass on port 5938 and the mails (pmad mail)
  • One that lets everything pass (full internet)

Since IPFire 2.27 (x86_64) - Core-Update 171.

I realize that the first rule no longer works: if I connect a new computer to the network, it can browse the internet.
My configuration:

Do you have an idea?

Your first rule probably allows everyone

? For full internet. Do you have a user group?

If you make a user group called “full internet”,
then it will stop new devices.

Order of the rules

The rules of each type are processed from top to bottom (internally in the iptables chains). The first rule that matches (where source, destination and all other settings equal with these in the packet that is currently processed) is executed and all rules after that are not evaluated any more.

You can use the arrows to re-order rules of the same type or define a position when you create new rules.
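
The first-match behaviour quoted above, as an added example that is not part of the original thread or IPFire's own code: a small model of top-to-bottom rule evaluation that also flags rules an earlier rule makes unreachable. The addresses, group membership and mail ports are constructed assumptions.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional

ANY = None  # wildcard for a source group or a destination port set

@dataclass(frozen=True)
class Rule:
    name: str
    sources: Optional[FrozenSet[str]]  # None = any source
    ports: Optional[FrozenSet[int]]    # None = any destination port
    action: str                        # "ACCEPT" or "DROP"

    def matches(self, src: str, port: int) -> bool:
        return ((self.sources is ANY or src in self.sources)
                and (self.ports is ANY or port in self.ports))

def decide(rules, src, port, default="DROP"):
    """Return (action, rule name) of the first matching rule, top to bottom."""
    for r in rules:
        if r.matches(src, port):
            return r.action, r.name
    return default, "default policy"

def covers(outer, inner):
    """True if every packet matched by inner is also matched by outer."""
    src_ok = outer.sources is ANY or (
        inner.sources is not ANY and inner.sources <= outer.sources)
    port_ok = outer.ports is ANY or (
        inner.ports is not ANY and inner.ports <= outer.ports)
    return src_ok and port_ok

def shadowed(rules):
    """Names of rules that can never fire because an earlier rule covers them."""
    return [r.name for i, r in enumerate(rules)
            if any(covers(e, r) for e in rules[:i])]

# Constructed sample data (assumptions, not taken from the thread's screenshots).
PMAD_ONLY = Rule("pmad only", frozenset({"192.168.1.10"}), frozenset({5938}), "ACCEPT")
PMAD_MAIL = Rule("pmad mail", frozenset({"192.168.1.11"}),
                 frozenset({5938, 25, 587, 993}), "ACCEPT")
FULL_INET = Rule("full internet", frozenset({"192.168.1.20"}), ANY, "ACCEPT")
BLOCK_ALL = Rule("block all", ANY, ANY, "DROP")

BLOCK_LAST = [PMAD_ONLY, PMAD_MAIL, FULL_INET, BLOCK_ALL]
BLOCK_FIRST = [BLOCK_ALL, PMAD_ONLY, PMAD_MAIL, FULL_INET]
NEW_DEVICE = "192.168.1.99"  # a host that belongs to no group
```

With the block rule last, `decide(BLOCK_LAST, NEW_DEVICE, 443)` falls through to it; with the block rule first, `shadowed(BLOCK_FIRST)` lists every allow rule as unreachable.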


@hvacguy @tphz
Thank you for your answer and sorry for the late answer.

Yes, I have a host group called full internet.

For information, I followed this video when I created the rules: Ipfire firewall rules - block internet by default, except for specific clients - YouTube
He explains in his video that the blocking rule must be the last one (which worked very well until the update).

I recreated the blocking rule the same way.
If I place the blocking rules at the top, I cut internet for all (logical).

Is the proxy running?
Are the proxy settings propagated by DHCP (WPAD)?

If yes, your clients on green don’t use a WAN address as destination, but the proxy address (IPFire) for web access (HTTP(s)).

Your last rule. If you change it to destination network “any” does it work?

I found it!!
It’s just a bug.
I had one host removed from the host list, but still visible in the host group with the mention ‘deleted’.
I recreated the host, removed it from the host group, and removed the host.
Applied changes and it is working again.