How to block incoming (specific) IP from LAN and DMZ?

Hi

I want to block a specific IP (let's say 1.2.3.4) so that it has no access to any of my internal network (not even the orange DMZ network).

I’ve tried some firewall rules, but none of them seem to work. On our mailserver, I keep getting logs of this specific IP accessing it.

I assume that when you add that specific IP as a firewall rule (in the correct way), even the DMZ should be safe, or am I wrong? Because to open ports to the DMZ, you have to have firewall forwarding rules?

Any help (with an example how to completely block a specific IP) would be appreciated!

Hi,

first, please refer to the firewall documentation next time, as your question is most probably answered there.

It is possible to block a specific IP address quite easily, you just have to ensure the firewall rule
doing that comes before another firewall rule permitting access to your DMZ, as they are processed
sequentially, not on a “best match” basis (as BSD packet filter pf does).

Thanks, and best regards,
Peter Müller

That was the first place I looked but couldn’t find the specific answer… I saw that the rules have a specific order. Rejecting comes before other rules, but when I add my test rule, it doesn’t go next to the other forwarding rules, but in a separate part, at the bottom (Incoming Firewall Access).

Maybe someone else has the time to make a screenshot?

If the rule is in the Incoming Firewall Access section, then the rule is looking to stop the specific IP accessing the firewall itself. Probably you have made your destination the Firewall rather than selecting Standard networks and Any.

It seems that you want to stop an external IP accessing your internal networks. If that is so, then this is the default setup of IPFire. If the external IP is accessing your internal network, then you must have created a rule allowing that.

The above is just a guess. It would help if you showed a screenshot of your firewall rules or gave more details about the rule created.

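The two failure modes this thread circles around (a block rule whose destination is "Firewall", so it lands in the chain for traffic addressed to the firewall itself, and a block rule placed after the forwarding rule that permits the DMZ traffic) can be made concrete with a small first-match rule evaluator. This is an added example, not IPFire code and not something either poster wrote: the chain names, the assumption that a web-UI rule with destination "Firewall" is placed in an INPUT-style chain and every other destination in a FORWARD-style chain, and all addresses (1.2.3.4 aside, which is the thread's own placeholder) are constructed for illustration.

```python
"""
First-match firewall model illustrating why (a) a block rule with
destination "Firewall" never sees traffic forwarded to a DMZ host and
(b) a block rule placed after the permit rule never fires.

Added example; not IPFire code. The INPUT/FORWARD split and the way
the web UI is assumed to map rules onto it are a simplification of
netfilter's first-match semantics, used only to illustrate the thread.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network, IPv4Network
from typing import List, Optional

# Constructed addresses owned by the firewall itself (green, orange, red side).
FIREWALL_ADDRS = {ip_address("192.168.1.1"), ip_address("10.10.10.1"),
                  ip_address("203.0.113.10")}


@dataclass
class Rule:
    src: IPv4Network      # source network (a /32 for a single host)
    dst: IPv4Network      # destination; 0.0.0.0/0 stands for "Any"
    dport: Optional[int]  # None = any port
    action: str           # "ACCEPT" or "DROP"
    chain: str            # "INPUT" (destination = Firewall) or "FORWARD"
    comment: str = ""

    def matches(self, src, dst, dport) -> bool:
        return (src in self.src and dst in self.dst
                and (self.dport is None or self.dport == dport))


def classify(dst) -> str:
    """Packets addressed to the firewall itself traverse INPUT;
    everything else is routed and traverses FORWARD."""
    return "INPUT" if dst in FIREWALL_ADDRS else "FORWARD"


def evaluate(rules: List[Rule], src: str, dst: str, dport: int,
             default: str = "DROP") -> str:
    """First matching rule in the packet's chain wins; rules in the
    other chain are never consulted. Default policy drops (as the
    thread notes is the case for traffic from outside)."""
    s, d = ip_address(src), ip_address(dst)
    chain = classify(d)
    for r in rules:
        if r.chain == chain and r.matches(s, d, dport):
            return r.action
    return default


def ui_rule(src: str, dst: str, dport: Optional[int], action: str,
            comment: str = "") -> Rule:
    """Assumed web-UI mapping: destination 'Firewall' -> INPUT chain,
    any other destination (a network, a host, or 'Any') -> FORWARD chain."""
    chain = "INPUT" if dst == "Firewall" else "FORWARD"
    dst_net = ip_network("0.0.0.0/0") if dst in ("Firewall", "Any") else ip_network(dst)
    return Rule(ip_network(src), dst_net, dport, action, chain, comment)


ATTACKER = "1.2.3.4"          # the thread's placeholder address
MAILSERVER = "10.10.10.25"    # constructed DMZ (orange) mail host

# The existing port forward that exposes the DMZ mail server to the Internet.
ALLOW_SMTP = ui_rule("0.0.0.0/0", "10.10.10.25/32", 25, "ACCEPT", "SMTP to DMZ")

# Attempt 1: destination left at "Firewall", so the block lands in INPUT and
# never sees the forwarded SMTP traffic.
WRONG_DST = [ALLOW_SMTP, ui_rule("1.2.3.4/32", "Firewall", None, "DROP", "block")]
# Attempt 2: correct destination, but placed after the permit rule.
WRONG_ORDER = [ALLOW_SMTP, ui_rule("1.2.3.4/32", "Any", None, "DROP", "block")]
# Fix: correct destination and position 1.
FIXED = [ui_rule("1.2.3.4/32", "Any", None, "DROP", "block"), ALLOW_SMTP]


def verdicts(rules: List[Rule]) -> dict:
    """Verdicts for three constructed flows under a given rule order."""
    return {
        "attacker->mail": evaluate(rules, ATTACKER, MAILSERVER, 25),
        "other->mail":    evaluate(rules, "198.51.100.7", MAILSERVER, 25),
        "attacker->fw":   evaluate(rules, ATTACKER, "203.0.113.10", 22),
    }


if __name__ == "__main__":
    for name, rules in (("wrong destination", WRONG_DST),
                        ("wrong order", WRONG_ORDER),
                        ("fixed", FIXED)):
        print(f"{name:18s} {verdicts(rules)}")
```

Running it shows the attacker's SMTP connection still accepted in the first two rule sets and dropped only in the third, while legitimate SMTP from another address keeps working because the block rule matches on source only.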

Hi,

this is not how support works here.

In order to be able to help you, you have to provide as detailed information as you can; just saying “would somebody else please do the work for me” is neither satisfying for you nor for the community. :)

Based on your description, your problem suspiciously sounds like bug #12265, but in order to verify this, would you please post a screenshot of your firewall ruleset here?

Thanks, and best regards,
Peter Müller

This was the problem :)

I had the setting like you mentioned, set to firewall and not to standard networks. Now I see this rule together with all others and I’ve set it to position 1.

Problem solved, thanks!

That’s great news. Glad to hear it’s been solved.