Problem entering a rule in the firewall

I do not know if it is a Bug or the scenario is regular.
I am sending the images. I think it is better than explaining it.
What do you guys think?


The error message that you have labelled 3 is telling you what the problem is.

You have tried to label a network group that is already defined internally as a group. In the Firewall page you can select the OpenVPN subnet(s) that you have defined with the name you defined when setting them up. Therefore you cannot name the same subnet again.

You can see here that I have an OpenVPN Network available named road warrior pool which was defined when I set up my OpenVPN server.

When you define your OpenVPN static address pool(s) you get a named group from this. So you don’t need to set it up again.


@casabenedetti , you tried to show an bug.
That is not true. As Adolf wrote, the network is defined yet. So the definition page doesn’t allow a new definition. This trial of a double definition is check by the code of the page and is flagged as error.
A manual edition of the settings file /var/ipfire/fwhosts/customnetworks isn’t really recommented. The correctness of this file may be not checked during generation of FW rules. The program assumes that the definition pages of the WebGUI write correct definitions to the file, only.
If you call the base page fwhosts.cgi ( part networks ) the contents of the definition file is just displayed ( without check! ). This program also assumes only correct entries produced by itself.

1 Like

You are absolutely right.
I didn’t realize at all what @bonnietwin explained and actually thought it was a bug, but I wasn’t sure.

I agree. With similar operations, several times it happened to me that I had to reinstall the whole system :sweat_smile:.
All “dangerous” experiments I do on my server and back up first. In this way, I understand how IPFire works “at the root level,” but I too would tell users not to touch these files if you don’t want to risk damaging IPFire or compromising other functions.

I thank all forum members who assisted me! :wink:

1 Like

Just one more advice.
If someone really wants to edit the config files of IPFire ( those in /var/ipfire especially ) he/she should be aware, that this switches off the usual checks for correctness. Therefore it is urgent to watch the system logs for error messages.


@bbitsch ,
I thank you for this valuable information.
I did not know this!!! :thinking:

I do this very often. :thinking:
I guess the security of the firewall could also be compromised. :thinking:

Conclusion of this thread ( and others ):

  • Don’t edit internal configs without knowing exactly what you do.
  • If doing this anyway, document this modifications if you have ‘mysterious’ problems.