wiki.ipfire.org

The community-maintained documentation platform of IPFire

User Tools

Site Tools


configuration:firewall:migration

Firewall Migration Guide

This page contains information and steps which should be done on existing installations after the update to IPFire 2.15 has been installed. Please carefully read through the single steps and follow the instructions.

Step 0: Before starting the upgrade

Before you start the upgrade, please check out that everything is alright. Make a backup.

Aliases

If you configured your RED interface in “static” mode and you are using aliases, please make sure that every alias has got a proper name.

Step 1: Configured Firewall Groups

One of the first actions after the migration process has been finished should be a look on previously created firewall groups if they still exist and contain all configured hosts or networks.

In case of missing hosts or networks please check the converter's logfile stored in “/var/log/converters”.

Because of technical restrictions (the old firewall hasn't got an option for host names), the converted entries have got a default name based on the following scheme:

host <ip-address>

We recommended to edit and change the names to a more meaningful one.

When you haven't used firewall groups before you can skip this step and continue with the next one.

Step 2: Check the converted Ruleset

The next step is a check of every section on the firewall rules page. Please verify that all existing rules have been successfully converted, host addresses, networks, ports and port ranges still are valid and are assigned to the correct rule.

After migration there are log file under /var/log/converters called

  • outgoing-convert-log
  • portfw-convert.log
  • dmz-convert.log

If you face any missing rules you should check these files for errors.

This is a very important step so please double check and test your ruleset!

Step 3: Move firewall local rules

The old firewall GUI was very limited for creating a various amount of rules which has dramatically be improved and a huge set of them now can be configured directly on the WUI. When you have created any custom rules at your firewall.local a very appreciated step is the movement of them to the improved firewall. You will benefit in an automatic store of this rules in created backups and the rules will be displayed in the rules overview where you easily can manipulate or remove them.

Step 4: Done

Congratulations. All checks have been passed, we wish you a lot of fun with the new improved firewall!

configuration/firewall/migration.txt · Last modified: 2014/05/09 11:07 by MichaelTremer