I am interested in IPFire; I installed it on a machine and I am experimenting with it.
I manage a small network with meager knowledge.
I would like to know if there is a way to use the web console via a different network card than the green one, to physically isolate the administration of IPFire from the user network. (ANSSI recommendation, “National Information Systems Security Agency”)
Short answer: Yes. But the issue is a bit more nuanced. There are only four zones that can be bound to a network card in IPFire 2 (version 3 fixes this, but its development is in an early alpha stage).

In the red zone the access to the Web User Interface (WUI) is blocked by default, but it can be opened by rules in the firewall.

In the orange zone (DMZ) almost everything is isolated from the network (including obviously the WUI), period.

In the Blue and Green zones, the access can be open or closed according to rules you set in the firewall and, if enabled, in the proxy (keep that in mind as it is not necessarily obvious to a new user).

Therefore, you can segregate the access to the WUI inside the blue zone and block it in the green zone, and vice versa. You can also create a rule to have that access restricted to a given IP address of your choice.


cfusco, thank you for your answer.
This is what I was looking for as a solution but I had not found the information.
Thanks again …