# Firewall Default Policy
 
This page describes the default policy of a freshly installed IPFire firewall. A freshly installed system has no custom rules, and no modifications have been made to the default firewall behaviour.
 
## Default policy
 
The firewall policy sub-section on the firewall options page is the best place to adjust the action the firewall takes when network packets are dropped by the input firewall, or when the "Forward" or "Outgoing" firewall is set to "Blocked".
 
 
![](configuration/firewall/en_firewall_policy.png)
 
Each item can be configured individually to one of the following actions:
 
* **DROP** - Network packets will be dropped directly.
* **REJECT** - This has the same effect as 'DROP', but in addition the remote host will get an ICMP error message.
 
## Default firewall behaviour
 
The second section of the page allows you to modify the default firewall behaviour for "Forward" and "Outgoing" connections.
 
![](configuration/firewall/en_default_firewall_behaviour.png)
 
#### Forward Firewall
 
The default value for the "Forward Firewall" is "Allowed". This means, in general, that any network packet is allowed to be forwarded to another network zone unless there is an existing rule preventing it. Such a rule can be added within basic zone policy or it can be customized to fit requirements for your various network zones.
 
When the "Forward Firewall" is switched to "Blocked", traffic will no longer be transferred between the zones. Please note that traffic from internal zones to your IPFire's RED zone is also affected, but not the traffic of the IPFire system itself. You will then have to create firewall rules to re-allow desired packets between your internal network zones and the Internet.
 
#### Outgoing Firewall
 
The "Outgoing Firewall" offers a way to control the traffic of the IPFire system itself. It does not affect forwarded traffic from the other local network zones, except when IPFire acts as a proxy. The default and strongly recommended setting is "Allowed".
 
## Default zone ruleset
 
IPFire comes with a default ruleset which restricts the traffic between the individual network zones. The following table shows these limitations:
 
| **Source** | **Direction** | **Destination** | **Status** |
|---|:---:|---|---|
| **<span style="color:red">Red</span>** | -> | **Firewall** | Closed, Use [external access](/configuration/firewall/rules/external-access) |
| **<span style="color:red">Red</span>** | -> | **<span style="color:orange">Orange</span>** | Closed. Use [port forwarding](/configuration/firewall/rules/port-forwarding) |
| **<span style="color:red">Red</span>** | -> | **<span style="color:blue">Blue</span>** | Closed. Use [port forwarding](/configuration/firewall/rules/port-forwarding) or VPN |
| **<span style="color:red">Red</span>** | -> | **<span style="color:green">Green</span>** | Closed. Use [port forwarding](/configuration/firewall/rules/port-forwarding) or VPN |
| **<span style="color:orange">Orange</span>** | -> | **Firewall** | Closed, No DNS nor DHCP for **<span style="color:orange">Orange</span>** |
| **<span style="color:orange">Orange</span>** | -> | **<span style="color:red">Red</span>** | Open |
| **<span style="color:orange">Orange</span>** | -> | **<span style="color:blue">Blue</span>** | Closed, use [DMZ pinholes](/configuration/firewall/rules/dmz-holes) |
| **<span style="color:orange">Orange</span>** | -> | **<span style="color:green">Green</span>** | Closed, use [DMZ pinholes](/configuration/firewall/rules/dmz-holes) |
| **<span style="color:blue">Blue</span>** | -> | **Firewall** | Closed, no access for **<span style="color:blue">Blue</span>** |
| **<span style="color:blue">Blue</span>** | -> | **<span style="color:red">Red</span>** | Closed, no access for **<span style="color:blue">Blue</span>** |
| **<span style="color:blue">Blue</span>** | -> | **<span style="color:orange">Orange</span>** | Closed, no access for **<span style="color:blue">Blue</span>** |
| **<span style="color:blue">Blue</span>** | -> | **<span style="color:green">Green</span>** | Closed, use [DMZ pinholes](/configuration/firewall/rules/dmz-holes) or VPN |
| **<span style="color:green">Green</span>** | -> | **Firewall** | Open |
| **<span style="color:green">Green</span>** | -> | **<span style="color:red">Red</span>** | Open |
| **<span style="color:green">Green</span>** | -> | **<span style="color:orange">Orange</span>** | Open |
| **<span style="color:green">Green</span>** | -> | **<span style="color:blue">Blue</span>** | Open |
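
The following added example (not IPFire code and not part of the original page) models how the default zone ruleset combines with the "Forward Firewall" and "Outgoing Firewall" settings, so a planned flow can be checked before switching either setting to "Blocked". The names `decide` and `audit` are hypothetical; the model assumes a fresh install (no custom rules, port forwards or VPN) and treats a proxied connection as two legs, client to IPFire and IPFire to the destination.

```python
FW = "Firewall"
# Default zone ruleset transcribed from the table on this page.
OPEN = {("Orange", "Red"), ("Green", FW), ("Green", "Red"),
        ("Green", "Orange"), ("Green", "Blue")}
ZONES = {"Red", "Orange", "Blue", "Green", FW}

def decide(src, dst, forward="Allowed", outgoing="Allowed", via_proxy=False):
    """Return (allowed, deciding_control) for one flow on a fresh install."""
    if src not in ZONES or dst not in ZONES or src == dst:
        raise ValueError(f"unsupported flow {src} -> {dst}")
    # Assumption: a proxied flow is two legs, client -> IPFire and IPFire -> dst.
    proxied = via_proxy and FW not in (src, dst)
    legs = [(src, FW), (FW, dst)] if proxied else [(src, dst)]
    for s, d in legs:
        if s == FW:      # IPFire's own traffic: only the Outgoing Firewall applies
            if outgoing != "Allowed":
                return False, "Outgoing Firewall"
        elif d == FW:    # traffic to IPFire itself: zone ruleset only
            if (s, d) not in OPEN:
                return False, "zone ruleset"
        else:            # forwarded traffic between zones
            if forward != "Allowed":
                return False, "Forward Firewall"
            if (s, d) not in OPEN:
                return False, "zone ruleset"
    return True, "default"

# Constructed sample flows: (source, destination, via_proxy)
SAMPLE_FLOWS = [("Green", "Red", False), ("Green", "Red", True),
                ("Blue", "Red", False), ("Orange", "Green", False),
                (FW, "Red", False)]

def audit(flows, **settings):
    """Map each flow to its decision under the given settings."""
    return {f: decide(f[0], f[1], via_proxy=f[2], **settings) for f in flows}

if __name__ == "__main__":
    for mode in ("Allowed", "Blocked"):
        print(f"Forward Firewall = {mode}")
        for flow, result in audit(SAMPLE_FLOWS, forward=mode).items():
            print("  ", flow, "->", result)
```

With the "Forward Firewall" set to "Blocked", the direct Green to Red flow is stopped while the proxied one still passes, because the second leg is IPFire's own traffic and is governed by the "Outgoing Firewall".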