UDP packets not blocked on green0

I have a fairly simple set up here as you can see in the screenshot below

I’m blocking UDP packets to anywhere on green. But I’m still able to see UDP traffic (like DNS) and QUIC traffic on green.

It's not actually leaving the network because it gets blocked on red (either due to the default policy or the explicit rules).

I’m wondering, with the setup above, shouldn’t I not see any UDP traffic on the green interface? Or are there some implicit rules set somewhere?

If the traffic is incoming, this is normal. IPFire firewall cannot block sending from devices in green.
Especially for UDP, an application on a green device tries many times. UDP isn’t a reliable protocol, normally without connections, so packets can be lost (or dropped) on their way to the receiver.

Hey No22,

Could you show the UDP traffic that you see?
Is it in the Firewall Log?

Could you click on the Pencil and show the whole rule?

I could be wrong, but I usually put Green as Source for outgoing traffic, and Destination is Firewall.

I see you have it switched, Source is Red and destination is Any.

@bbitsch The traffic is outgoing from green device to internet. The rule that says source “Green Devices” and destination “ANY” on ANY port protocol UDP, should drop the packets from ever appearing on the green interface capture. But it seems you’re saying ipfire cannot block sending from green devices. Not sure why this is? I can achieve this with pfsense for example.

I see it when I capture the traffic with tcpdump, @peppetech, not the FW logs. And my rule above saying source green and destination any should achieve the same thing.

Sorry, if I wasn’t precise enough.
IPFire can’t prohibit the sending on a device in green. Therefore these packets reach the green interface and are dropped. You can see this if you switch on logging for the rule.
You can try to lower the number of sending trials, if you change the action to ‘reject’. The sending application receives an ICMP error message.
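To illustrate the last point (not code from the thread or from IPFire): the script below simulates on loopback how a sending application experiences a 'drop' rule versus a 'reject' rule. A UDP socket that never answers stands in for the drop case (the sender only sees a timeout and keeps retrying), while a closed port makes the local stack return ICMP port unreachable, the same error a reject rule sends, so the application gives up after one datagram. It assumes Linux semantics for delivering ICMP errors to connected UDP sockets.

```python
import socket

HOST = "127.0.0.1"  # everything runs on loopback; no firewall rules needed

def udp_probe(dst_port, timeout=0.5):
    """Send one datagram to HOST:dst_port and report what the sender sees:
    'rejected' = ICMP port unreachable arrived (what a 'reject' rule sends),
    'dropped'  = nothing came back before the timeout (what a 'drop' rule does)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(timeout)
    try:
        # Connected UDP socket: required for the kernel to hand ICMP errors
        # to the application (assumes Linux semantics).
        s.connect((HOST, dst_port))
        s.send(b"query")
        s.recv(512)
        return "answered"
    except socket.timeout:
        return "dropped"
    except ConnectionRefusedError:
        return "rejected"
    finally:
        s.close()

def resolver_like_attempts(dst_port, retries=3, timeout=0.2):
    """Mimic a resolver that resends until it gets an answer or an error.
    Returns (outcome, datagrams sent): 'drop' burns every retry, 'reject'
    stops the application after the first one."""
    for attempt in range(1, retries + 1):
        outcome = udp_probe(dst_port, timeout)
        if outcome != "dropped":
            return outcome, attempt
    return "dropped", retries

def silent_listener():
    """UDP socket that never reads or answers: stands in for a 'drop' rule."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind((HOST, 0))
    return srv

def closed_port():
    """A port nobody listens on: the stack answers with ICMP port unreachable,
    the same error a 'reject' rule produces."""
    tmp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tmp.bind((HOST, 0))
    port = tmp.getsockname()[1]
    tmp.close()
    return port
```

Capturing with tcpdump on the interface would show the outgoing datagrams in both cases; only the retry count and the ICMP reply differ.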