I’m just starting and I don’t come with any expectations of IPFire, but it has a web interface and it appears to make everything quite simple and usable for me, yet this most basic setting that I am used to looking for in a firewall is missing.
Is the normal course of action really to re-enter the setup process? Or would advanced users edit a config file directly, and the setup process is the hand-held version provided for beginner users?
All modifications which can influence the network connection to IPFire should be done from console!
There may be ways to work around, but because these depend on both sides of the connection there is no easy implementation.
This ‘roaming’ doesn’t occur permanently. So the development (and testing!) effort is too high.
Just my opinion.
Having a remote, out of band access to my firewall would terrify me. I would never, ever, under any circumstances have my firewall reachable in such a way from the WAN side. However, I understand that as a hobbyist, my needs are very different from professional settings. Still, I think it is a bad idea (for a firewall).
EDIT: if I could not afford to have the firewall down when I am not physically capable of accessing the machine, I would rather use a solution like keepalived.
We are not talking about the SSH console, but the main console of the IPFire system. This is a serial port with ‘embedded systems’ (PC Engines APU boards or the Mini Appliance) or the standard KVM interface of PCs.
No, please re-read the subject again. The OP clearly asked for changing, or better assigning, IP addresses in the web interface and someone explained that, if this were possible, it would result in losing the connection to IPFire.
Followed by a possible restart of the internal web server.
I just added that when using an SSH terminal and running IPFire’s setup to change some interface’s IP address, this would result in an interrupted connection, too.
The reasons for a lack of setting IP addresses (configuration of networking) in the WUI are true for SSH also.
Therefore it was evident (for me) that we talk about access to configuration on the network or the system console.
IMHO, someone who can manage a problem in cutting the access is able to access the system console and do the config there. In general, the system console approach is less error-prone (Cut not the bough that you are standing upon).