How to separate traffic from client/group

Hey Community,

I need a hint to find the finest way to separate traffic from single clients/groups. At the moment I have no idea how to realise that. In my case my IPFire has red, green and blue; in the green, all my clients get static DHCP addresses and are configured in groups, and for all these groups I have rules to allow traffic.

But now I am searching for a way to separate all the traffic for a few wireless LAN clients. In my case an access point is connected on the blue Ethernet port, and all clients get a DHCP address from the IPFire. I mean the separated clients never connect to the allowed blue or green clients.


I am not sure if I understood your description. If you mean that some blue clients should be blocked from other blue clients and only a few clients should be able to connect to each other, then one of the solutions may be to have separate WLANs in your access point. If I have misinterpreted you, then please describe it a little more precisely.


No, I think you understand correctly: some WiFi clients are friendly and work well in the private section, and a few devices should be able to connect from blue to red but not to green, or better, not connect through other blue-connected devices.

Well, then the solution I told you above is fine. In simple words, the handling between the blue clients, where some can connect to each other and some cannot, is done through the 2 WLANs. Your further wish is usual firewall blocking. Here you are already done: in a default IPFire install, there is no connection allowed from blue to green.

I think we are talking past each other right now. I know that blue and green do not communicate with each other in the default setting, I have a rule for that. I’m looking for the most attractive way to implement a let’s say “guest wifi” but the clients in this wifi should be isolated from the rest of the network.

Let’s see if I am understanding what you are after.

You have two groups of clients on your blue wifi network.
One group are trusted clients and could be given rules to allow them to access things in the green network even.
The other group are the guests that you want to only be allowed to access red and also not to be able to communicate with the trusted clients in the blue network.
You are also giving all clients in the blue wifi network dynamic ip addresses via dhcp.

If the above is correct then the easiest way I can think of is that you set up reserved fixed ip addresses in the blue dhcp for the trusted clients and leave the “guest” clients to get dynamic ip addresses.
Then you can set up groups for these two sets as you have done for your green clients.

If you can’t define fixed IPs for the trusted blue wifi clients and they all have to get dynamic IP addresses then I can’t think of a way of doing it at the moment.

I am not able to understand what you are talking about. Sorry.

Sorry, I also don't understand what you are talking about.


So you cannot control blue clients talking to each other with a firewall rule. This is already possible with the access point. That's why I already mentioned 2 WiFi.