Routed networks on GREEN

Hello everybody. Been searching everywhere, found nothing, so ask… maybe stupid: If there is a separate, internal router in the GREEN network, say 172.16.0.0, into more network addresses, like 192.168.30.0, can those internal networks be added to the GREEN zone? Or do I have to declare and rule them one by one?
Second question: IPFIRE seems not to send ICMP redirects, is there a way to enable or do I need routes back into the subnets on every single host on 172.16.0.0? Thx.

Hello @tbaeurle

Welcome to the IPFire community.

The 192.168.30.0 network addresses cannot be made part of your Green 172.16.0.0 network as Green has to be a single subnet.

However you don’t have to create a rule for all addresses individually. You can create a Network group in the WUI menu Firewall - Firewall Groups and choose Networks.
https://www.ipfire.org/docs/configuration/firewall/fwgroups/networks

ICMP redirects are disabled in the IPFire kernel due to security concerns.

1 Like
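An added example, not part of the thread and not IPFire's own code: a small shell function for checking whether a Linux router or host actually sends or accepts ICMP redirects. It applies the kernel's documented rule for combining the `all` and per-interface sysctl flags; the interface names in the comments and the optional directory argument are assumptions made for illustration.

```shell
#!/bin/sh
# Report the effective ICMP redirect state of every interface on a Linux box.
# Usage: redirect_status            (reads the live /proc/sys/net/ipv4/conf)
#        redirect_status /some/dir  (reads a copy of that tree, e.g. for testing)

read_flag() {
    # Print the flag value, or 0 when the file is missing or unreadable.
    if [ -r "$1" ]; then cat "$1"; else echo 0; fi
}

redirect_status() {
    root="${1:-/proc/sys/net/ipv4/conf}"
    all_send=$(read_flag "$root/all/send_redirects")
    all_accept=$(read_flag "$root/all/accept_redirects")
    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue
        ifname=$(basename "$dir")
        # "all" and "default" are templates, not real interfaces.
        case "$ifname" in all|default) continue ;; esac
        if_send=$(read_flag "$dir/send_redirects")
        if_accept=$(read_flag "$dir/accept_redirects")
        fwd=$(read_flag "$dir/forwarding")
        # Sending is enabled if EITHER the "all" flag or the interface flag is set.
        if [ "$all_send" != 0 ] || [ "$if_send" != 0 ]; then
            send=on
        else
            send=off
        fi
        # Accepting needs BOTH flags when the interface forwards (router),
        # but only ONE of them when it does not forward (plain host).
        if [ "$fwd" != 0 ]; then
            if [ "$all_accept" != 0 ] && [ "$if_accept" != 0 ]; then
                accept=on
            else
                accept=off
            fi
        elif [ "$all_accept" != 0 ] || [ "$if_accept" != 0 ]; then
            accept=on
        else
            accept=off
        fi
        echo "$ifname send=$send accept=$accept"
    done
}
```

On a router with redirects disabled, every line should read `send=off`; the hosts behind it then need either static routes to the internal networks or a default gateway that knows them.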

Hi @tbaeurle, welcome.

It seems that I don’t get the idea of the network you propose. Could you present it with draw.io?

This way we would get an idea of what you need and we can help you better.

Regards.

1 Like


Hi. I did a sketch by hand, hope this is as good. On the green network there is a router into more local networks. Can these network segments be added to the GREEN zone so that I don't have to explicitly create them and set up all the rules for them? And is there a way to enable ICMP redirects on the GREEN interface so that I do not need to create a routing table entry on all hosts on 172.16.0.0? Thx.