The community-maintained documentation platform of IPFire

User Tools

Site Tools


Creating a DMZ Pinhole

This guide explains how to setup a DMZ pinhole. Please checkout out the firewall rules reference for further description.


In the former firewall GUI that came with IPFire up to version 2.13, a DMZ pinhole was a forwarding from the orange zone to the blue and/or green zone. For easy migration, we explain here what you need to do on the new interface.

How to set it up?

To create a new DMZ pinhole, head over to the “firewall” tab on the IPFire Web User Interface and hit the “New rule” button.

Step 1: Source

In the first section, you have to define the source network or IP address from where the network packages will be sent. If you can, restrict the access as best as you can by selecting a single host or group of hosts rather than a complete network.

Step 2: Destination

Now, you will need to pick the destination for your network packages. This again could be a single host or a complete network which needs to be accessed. You can either select it from the dropdown boxes or enter the IP address directly.

Step 3: Protocol

You will want to pick one or more services that will be accessible on the machine or network you just choose, select “All” here is also possible but may be a security risk.

Step 4: Done

We are almost done, now. Just make sure that you select the “ACCEPT” option, so that all packets that match your rule are accepted by the firewall and don't forget to add a descriptive remark.

Optionally, you may specify at which time the rule is active only. See Creating Firewall Rules (reference) for all about this feature.

Congratulations. You finally set up your DMZ pinhole!

configuration/firewall/rules/dmz-holes.txt · Last modified: 2018/08/20 23:02 by Jon