I tried to add a deny rule with one internal IP address as source and the other one as destination, to block on all interfaces (default is allow all). The rule doesn't work.
Welcome to our community @akio!
Blocking can only work if the packets go through the firewall on IPFire.
In an ethernet network (green) IPFire is only one device among others. The transport is managed by switches which connect the trunks. The transfer based on the MAC address can flow directly between the two endpoints, without using the IPFire device.
Blocking is only possible if the endpoints belong to different networks. This case needs the routing functionality of IPFire (which contains the iptables firewall).
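The point of the reply above, as an added example that is not part of the original thread: a pre-check that tells you whether a source/destination rule can ever see the traffic. The zone subnets and the names `zone_of` and `rule_enforceable` are assumptions made up for illustration, and the check assumes each host uses the netmask of its zone with IPFire as its gateway.

```python
import ipaddress

# Constructed zone table: assumed addressing, not taken from the thread.
ZONES = {
    "green": ipaddress.ip_network("192.168.1.0/24"),
    "blue": ipaddress.ip_network("192.168.2.0/24"),
    "orange": ipaddress.ip_network("10.0.0.0/24"),
}


def zone_of(addr, zones=ZONES):
    """Return the name of the local zone containing addr, or None."""
    ip = ipaddress.ip_address(addr)
    for name, net in zones.items():
        if ip in net:
            return name
    return None


def rule_enforceable(src, dst, zones=ZONES):
    """Return (enforceable, reason) for a src -> dst rule on the router."""
    src_zone, dst_zone = zone_of(src, zones), zone_of(dst, zones)
    if src_zone is None and dst_zone is None:
        # Neither endpoint is on a network attached to this router.
        return (False, "neither host is on a local network")
    if src_zone == dst_zone:
        # Same subnet: the hosts resolve each other by ARP and the switch
        # forwards frames by MAC address, so the router never sees them.
        return (False, f"both hosts are in {src_zone}; traffic is switched, not routed")
    # Different subnets: the sender hands the packet to its gateway,
    # which is where the iptables rules are evaluated.
    path = f"{src_zone or 'external'} -> {dst_zone or 'external'}"
    return (True, f"{path} is routed through the firewall")


if __name__ == "__main__":
    for pair in [("192.168.1.10", "192.168.1.20"),
                 ("192.168.1.10", "192.168.2.20")]:
        print(pair, rule_enforceable(*pair))
```
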
Yes, I realised my thinking error.