On this page detailed information about the default policy of a fresh installed IPFire firewall can be found. A fresh installed system doesn't have any custom created rules and no modifications on the default firewall behaviour have been done.
The firewall policy sub-section on the firewall options page, offers the best way to adjust the firewall actions when network packets got dropped by the input firewall or if the “Forward” or “Outgoing” firewalls are set to “Blocked”.
Each item individually can be configured to one of the following actions:
The second section of the page, allows you to modify the Default firewall behaviour for the “Forward” or “Outgoing” connections.
The default value for the “Forward Firewall” is “Allowed”. This means, in general, that any network packet is allowed to be forwarded to another network zone unless there is an existing rule preventing it. Such a rule can be added within basic zone policy or it can be customized to fit requirements for your various network zones.
When switching the “Forward Firewall” to “Blocked”, the traffic will no longer be transfered between the zones. Please note, the traffic from internal zones to your IPFire's RED zone is also affected, but not the traffic of the IPFire system itself. You will then have to create firewall rules to re-allow desired packets between your internal network zones and the Internet.
The “Outgoing Firewall” offers a way to control traffic of the IPFire itself. It does not affect forwarded traffic from the other local network zones except IPFire acts as proxy. Default and strongly recommended setting is “Allowed”
IPFire comes with a default ruleset which restricts the traffic between the individual network zones. The following table shows this limitations:
|Red||→||Firewall||Closed, Use external access|
|Red||→||Orange||Closed. Use port forwarding|
|Red||→||Blue||Closed. Use port forwarding or VPN|
|Red||→||Green||Closed. Use port forwarding or VPN|
|Orange||→||Firewall||Closed, No DNS nor DHCP for Orange|
|Orange||→||Blue||Closed, use DMZ pinholes|
|Orange||→||Green||Closed, use DMZ pinholes|
|Blue||→||Firewall||Closed, no access for Blue|
|Blue||→||Red||Closed, no access for Blue|
|Blue||→||Orange||Closed, no access for Blue|
|Blue||→||Green||Closed, use DMZ pinholes or VPN|