Differences in Revisions: Access to Blue

Older Revision
October 9 at 1:55 am
»
Newer Revision
Monday at 8:45 pm
tried to make entry clearer
# Access to Blue
 
The **<span style="color:blue">BLUE</span>** interface is designed to separate the [LAN](https://en.wikipedia.org/wiki/Local_Area_Network) from the [Wireless LAN](https://en.wikipedia.org/wiki/WLAN) (or "WLAN").
 
By default, IPFire controls the access of all devices on blue using [MAC Address](https://en.wikipedia.org/wiki/MAC_Address) filtering. This means that all DHCP leases must be manually approved in the IPFire Web User Interface before they can access the network and gain internet access. This filtering is separate from any wireless passphrase which you have applied in IPFire or to an external WiFi access point.
 
| Note! |
|---|
| This includes external WiFi access points which may also apply MAC address filtering by default |
 
Example (without [DHCP](../network/dhcp) on **<span style="color:blue">blue</span>**): *00:13:02:XX:XX:XX* is the WLAN client's MAC address and the client should use the IP *192.168.49.1*.
 
![](/configuration/firewall/accesstoblue.png)
 
- Click "*Enabled*".
- Click "*Add*" and the client will be able to access the internet.
 
## Disable MAC Address filtering
To disable MAC address filtering and give all clients connected to blue internet access, do the following on the Wireless Configuration page:
 
- Enter the blue subnet into the *Source IP* field and leave the *Source MAC Address* field blank.
- Enter the IP of the blue network's broadcast address and the subnet mask in [CIDR](https://en.wikipedia.org/wiki/CIDR) notation. For example, *172.16.1.0/24* for a subnet with a range of addresses from 172.16.1.0 to 172.16.1.255.
 
![](/configuration/firewall/blue-no-mac-filter.png)
 
| Note! |
|---|
| Disabling MAC address filtering does not disable WLAN encryption |
 
 
## Deny blue clients access to the IPFire web interface
If no **<span style="color:blue">blue</span>** network clients should have access to the web interface, add the following lines to the file: `/etc/sysconfig/firewall.local`.
 
```text
## Start rule
iptables -A CUSTOMINPUT -s 192.168.49.0/24 -p tcp -d 192.168.49.254 --dport 444 -j DROP
 
## Stop rule
iptables -D CUSTOMINPUT -s 192.168.49.0/24 -p tcp -d 192.168.49.254 --dport 444 -j DROP
```
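
The rule above arranged as a start/stop script, as an added example that is not part of the IPFire wiki or project code: it checks for the rule before appending, so running `start` twice does not stack duplicates, and `stop` removes every copy. The addresses are the page's example values; the helper names `rule_spec`, `add_rule` and `del_rule`, and the assumption that the script is called with `start`, `stop` or `reload`, are this example's own.

```shell
#!/bin/sh
# Added example, not IPFire project code.
# Values below are the page's example addresses; adjust to your blue network.
BLUE_NET="192.168.49.0/24"     # blue subnet
BLUE_ADDR="192.168.49.254"     # IPFire's address on blue
WUI_PORT="444"                 # web interface port used in the page's rule

# Rule arguments shared by add, check and delete so they cannot drift apart.
rule_spec() {
    echo "CUSTOMINPUT -s $BLUE_NET -p tcp -d $BLUE_ADDR --dport $WUI_PORT -j DROP"
}

# Append the rule only if it is not already present (-C checks for an exact match).
# $(rule_spec) is left unquoted on purpose so it splits into separate arguments.
add_rule() {
    iptables -C $(rule_spec) 2>/dev/null || iptables -A $(rule_spec)
}

# Delete every copy of the rule; a single -D removes only one of them.
del_rule() {
    while iptables -C $(rule_spec) 2>/dev/null; do
        iptables -D $(rule_spec)
    done
}

case "${1:-}" in
    start)  add_rule ;;
    stop)   del_rule ;;
    reload) del_rule; add_rule ;;
esac
```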
 
 
## Allowing Clients on Blue Network to Connect to Green Network
 
By default, the firewall will not allow traffic from the Blue network to pass through to the Green network. If you wish to allow traffic to pass through from the Blue network to the Green network, you must create a firewall rule to allow that traffic.