I’m a longtime IPFire (and before that IPCop) user. I’ve contributed to the project financially but haven’t been involved in the community so far.
I use IPFire because I love its simple RED/ORANGE/GREEN network partitioning model. I have zero experience with iptables and my mental model is not even wrong. I have used Ubuntu’s ufw, but that’s just a layer on top of iptables.
I’d like to know how straightforward it is to - for example - from bash, remove all location blocks and reload the firewall rules, and then specify location blocks for all countries except a small handful and again reload the firewall rules.
Are you asking about the “location block” feature?
If so, then you can check or uncheck any country you would like.
Save and Save and reload firewall rules.
The Location Block blocks everything.
If you want only a few devices blocked to some countries,
then do not use Location Block…
You will want to use Firewall rules and Firewall Groups.
Easily done from the WUI
sed -i "s/US=on/US=off/g" /var/ipfire/firewall/locationblock
/etc/init.d/firewall reload
In this example US connections are blocked by default in my setup and these two lines unblock them after firewall rules are reloaded.
Simple on/off state (I block all countries except a few ones).
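The two operations asked about in the first post (clear every location block, or block every country except a handful) can be scripted on top of the sed line above. This is an added example, not part of the original posts and not IPFire project code; the function names are hypothetical, and it assumes the file holds one `CC=on|off` line per country with `on` meaning blocked, as the sed line implies.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not IPFire tooling.
# Assumption: one CC=on|off line per country, on = blocked.

# set_location_blocks FILE MODE [CC...]
#   MODE=none   : set every country to off (nothing blocked)
#   MODE=except : set every country to on, except the listed codes
set_location_blocks() {
    file=$1
    mode=$2
    shift 2
    allow=" $* "                      # space-padded so whole codes match
    tmp=$(mktemp) || return 1
    awk -F= -v mode="$mode" -v allow="$allow" '
        /^[A-Z][A-Z0-9]=(on|off)$/ {
            state = "on"
            if (mode == "none" || index(allow, " " $1 " ") > 0) state = "off"
            print $1 "=" state
            next
        }
        { print }                     # non-country lines pass through unchanged
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Write back into the original so its owner and permissions are kept.
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# unblocked_countries FILE
#   Prints the codes currently set to off, to review before reloading.
unblocked_countries() {
    awk -F= '/^[A-Z][A-Z0-9]=off$/ { printf "%s%s", sep, $1; sep = " " }
             END { print "" }' "$1"
}

# Typical use on the firewall (path and reload command are from the post above):
#   f=/var/ipfire/firewall/locationblock
#   cp -p "$f" "$f.bak"
#   set_location_blocks "$f" except DE US
#   unblocked_countries "$f"          # should list exactly DE US
#   /etc/init.d/firewall reload
```

Checking the output of `unblocked_countries` before the reload catches a mistyped country code, which would otherwise leave that country blocked along with the rest.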