New Firewall Interface - Searching for testers

by Michael Tremer, April 10, 2013

Do you like what you are reading? Subscribe to our newsletter and don't miss out on the latest...   Join Now


the IPFire developers are currently searching for people who would like to help testing a new features that is known as firewall 2013 or simply the new firewall interface for IPFire 2.13.

Alexander Marx is the main developer of this and tries to add some more features to the IPFire firewall engine, so it gets more versatile and is ready to handle even more complex environments. Of course, creating rules is still easy, so that beginners are also able to handle their firewall configuration.

The new features are as follows:

  • A unified web user interface (WUI) for all kinds of firewall rules. So there is no confusion any more about what “external access” means and you have the configuration at a glance.
  • Easier policy selection, so you can decide if you want to have an open network or a closed one on which you specifically allow every action.
  • It is possible to create host groups, so you can apply a number rules to a certain set of hosts very easily. Hosts can be grouped by their MAC addresses and/or IP adresses.
  • It is possible to define services, that map names to ports, so you don’t need to remember port numbers any more. For example: SMTP = TCP/25.
  • It is possible to create service groups, which can be used to allow one host or a group of hosts to access a certain set of services (i.e. ports and protocols).
  • There are a lot of predefined groups which make creating firewall rules much easier. You can easily select all hosts on the GREEN network, or all hosts on a remote site (see VPN).
  • VPN traffic can now be controlled with a simple set of rules, which was not possible before. IPsec and OpenVPN.
  • Source NAT rules can be configured in the WUI.
  • All rules can be automatically applied at a certain time range. So you can only allow to access certain services during the office hours.

The possibilities that come with this new interface are magnificent and we would like it very much to see this in the IPFire Firewall Distribution very soon! For that, we need to make sure that there are as few bugs as possible. Alexander and a bunch of people have already contributed very much and we would like to thank them, but to achieve our goal to make this ready for all users, there is still a lot to do.

So please go to the wiki pages, where you will find guides on how to run tests and how to report your results. We need you to install the beta version of the software and see if all rules can be converted properly and if new rules can be inserted. It is possible to uninstall the beta software, so you don’t need to worry that you have to reinstall your IPFire installation.

Remember that you are not alone in this. So if there is a problem, talk to someone on the forums and we will figure it out.

Your help is appreciated! The more people contribute, the sooner this is going to be ready for the next core update.