This page covers common configuration steps for IPFire deployments.
Use the same configuration file referenced in the setup guide for your installation.
IPFire is mainly configured via its web interface (WUI), with backend state stored in system config files.
Typical management access:
https://<ipfire-lan-ip>:444
- Interfaces, VLANs, and routing
- Firewall rules and NAT policies
- VPN and remote access settings
- Logging and monitoring options
Recommended starting baseline:
- Define network zones correctly (GREEN internal, RED WAN, optional ORANGE DMZ).
- Restrict management UI access to GREEN only.
- Enable default deny inbound traffic from RED.
- Configure DHCP only on internal trusted zones.
- Set DNS forwarders and NTP source explicitly.
Most admins should prefer the WUI, but service-level checks are useful:
ip addr
ip route
Firewall and log inspection:
tail -n 100 /var/log/messages
- Keep zone assignments aligned with physical/virtual interface mapping.
- Use port-forward rules only when necessary and document ownership.
- Segment exposed services into DMZ (ORANGE) when possible.
- Enable and monitor IDS/IPS features only when hardware capacity is sufficient.
- Back up IPFire configuration before updates.
Apply or reload the configuration via the UI or CLI.
In WUI-driven workflows, apply pending changes after edits and verify status pages.
Test connectivity and firewall rules to confirm the configuration is valid.
Validation checklist:
- Clients in GREEN can resolve DNS and reach WAN.
- Unsolicited inbound WAN traffic is blocked by default.
- Forwarded services respond only on intended ports.
- VPN connections (if enabled) establish and route correctly.
- Review firewall logs for repeated deny/allow anomalies.
- Audit NAT and port-forward entries regularly.
- Keep firmware/packages updated during maintenance windows.
- Validate backup restore path after major version upgrades.
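One way to turn the log review item above into a repeatable check, as an added example that is not part of the original page or of IPFire itself: it counts denied packets that arrived on the WAN side per source and destination port. The interface name red0, the DROP_ log prefixes and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): summarise repeated denies on RED.
# Assumptions: the WAN interface is named red0 and drop log prefixes start
# with "DROP_"; adjust both to match the installation.

# Constructed sample lines in the netfilter LOG format (documentation IPs).
sample_log() {
    cat <<'EOF'
Jan 12 03:14:01 ipfire kernel: DROP_INPUT IN=red0 OUT= SRC=203.0.113.7 DST=198.51.100.2 LEN=60 PROTO=TCP SPT=51514 DPT=22
Jan 12 03:14:03 ipfire kernel: DROP_INPUT IN=red0 OUT= SRC=203.0.113.7 DST=198.51.100.2 LEN=60 PROTO=TCP SPT=51520 DPT=22
Jan 12 03:14:05 ipfire kernel: DROP_INPUT IN=red0 OUT= SRC=203.0.113.7 DST=198.51.100.2 LEN=60 PROTO=TCP SPT=51533 DPT=22
Jan 12 03:15:10 ipfire kernel: DROP_INPUT IN=red0 OUT= SRC=192.0.2.44 DST=198.51.100.2 LEN=84 PROTO=ICMP TYPE=8 CODE=0
Jan 12 03:16:22 ipfire kernel: DROP_FORWARD IN=green0 OUT=red0 SRC=192.168.1.20 DST=192.0.2.9 LEN=60 PROTO=TCP SPT=40000 DPT=25
Jan 12 03:17:00 ipfire dhcpd: DHCPACK on 192.168.1.20 to 00:00:5e:00:53:01 via green0
EOF
}

# summarize_drops [THRESHOLD] [WAN_IF] < logfile
# Prints "count src dpt/proto" for each pair dropped >= THRESHOLD times,
# busiest first. Entries without a port (e.g. ICMP) show "-" as the port.
summarize_drops() {
    awk -v min="${1:-3}" -v wan="${2:-red0}" '
    {
        prefix = ""; inif = ""; src = ""; proto = "?"; dpt = "-"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^DROP_/)        prefix = $i
            else if ($i ~ /^IN=/)     inif  = substr($i, 4)
            else if ($i ~ /^SRC=/)    src   = substr($i, 5)
            else if ($i ~ /^PROTO=/)  proto = substr($i, 7)
            else if ($i ~ /^DPT=/)    dpt   = substr($i, 5)
        }
        # Keep only drop entries that arrived on the WAN interface.
        if (prefix == "" || inif != wan || src == "") next
        count[src " " dpt "/" proto]++
    }
    END { for (k in count) if (count[k] >= min) print count[k], k }
    ' | sort -k1,1nr -k2,2
}

sample_log | summarize_drops 3
# On a live system: summarize_drops 10 < /var/log/messages
```

A source that keeps appearing against a port with no forward rule is expected noise; the same source appearing against a forwarded port is worth checking against the port-forward audit.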