And suddenly it is not working again. It worked for 4 days.
Nothing changed.
Is this not an exact science ?
So I never got the service approach to work so I tried with individual FW Rules and Hosts.
Partial success.
192.168.10.5 is talking to 192.168.1.12. That is the Switch I use to feed PoE to my AP.
This rule:
However, I am still not getting my AP to talk to Green at 192.168.1.12.
Same rule but different device.
There are also some irritating limitations to the Firewall Group Host Management.
You can add a Host with IP or MAC but not both, and then you have to add two hosts, one with IP and one with MAC and run trial and error on which works, because as I have done this not all seems to work. Only the Host with defined IP address seems to work in my working rule for 192.168.10.5.
Or I am just doing everything wrong and not doing this as the Gods of Network intends.
One is lacking and that is the 192.168.1.12 MAC, since that is running on a Docker network and I can’t really figure out which is being used and relevant for this scenario.
If your rule has that host as the destination then a MAC address will not work. MAC addresses can only be used for the source.
See this documentation link.
https://www.ipfire.org/docs/configuration/firewall/rules#attention
2 Likes
Hint department here: please, create the service group. Then make rules only with IP addresses and the service group.