Firewall reject port not working?


Situation is, installed nethserver 6.8 on a vps with only green nic.

I also installed icewarp mail server (comes with custom apache for mail-client) and disabled postfix.

Now when I have ssl access to this mail client, I wanted to disable port 80 via firewall.

In firewall objects, services port 80.

In firewall rules, reject from any to any, service http.

Unfortunately, I still have access via http://

At the moment, it seems, port 80 ist closed to outside, and not to inside.

Maybe someone can describe me, how to handle firewall with only green interface?

“Trusted network” of course is also my green interface into wan.

Update: when rule is source:red and dest:green, service http, internet is reachable from inside.

@wonderbar any to any or any to red on services? Sorry only green interfaces.

you can send us a screenshot @wonderbar

Well, maybe I get it wrong but,

if you have only green interfaces the Firewall UI is not required because “Firewall rules” page on NS6 allows only the filtering of packets that traverse the firewall from one zone to another.

Access to services running on the firewall itself should be tweaked on “Security > Network Services” page.

BTW I’m working on NS7 and I’m planning to show also on “Firewall rules” page the rules for locally running services (such as Apache). See this post NS7 display network services in firewall rules UI

1 Like

you are right @davidep

So it can work rules, traffic must pass through the firewall

I do not know, the tests is conducting , but if @wonderbar edit network services?