13586 – Implement DHCP scope and firewall changes for Orange network

Bug 13586 - Implement DHCP scope and firewall changes for Orange network

Summary: Implement DHCP scope and firewall changes for Orange network

Status:	CLOSED CANTFIX

Alias:	None

Product:	IPFire
Classification:	Unclassified
Component:	--- (show other bugs)
Version:	2
Hardware:	all All

Importance:	- Unknown - Minor Usability
Assignee:	Assigned to nobody - feel free to grab it and work on it
QA Contact:

URL:
Keywords:

Depends on:
Blocks:

Reported:	2024-02-13 08:38 UTC by dnl
Modified:	2024-03-11 11:43 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description dnl 2024-02-13 08:38:47 UTC

There have been a few forum threads from users wanting an additional IPFire network.  Please consider adding DHCP to the Orange network so it can be used as either a DMZ OR an additional general purpose internal network.

Adding DHCP to Orange would:

* Increase the flexibility of IPFire
* While not significantly increasing complexity
* Be much less work than supporting a new network type (or multiple new networks)
* Allow for the use of DHCP with static leases in a DMZ anyway

I would imagine that the work required would include:

* Adding a new Orange DHCP scope and related firewall rules.
* Add the new DHCP scope to 'DHCP configuration' page in WUI.
* (bonus - for extra usability) add (non-default) option to have unbound listen on the Orange IP and permit DNS queries from it (I feel that adding proxy access also is unnecessary).

I can write up new documentation for changes in the Wiki.


If you're unwilling to do this, could you please briefly explain your reasoning?

Thank you!

Comment 1 Michael Tremer 2024-03-11 11:42:56 UTC

(In reply to dnl from comment #0)
> There have been a few forum threads from users wanting an additional IPFire
> network.  Please consider adding DHCP to the Orange network so it can be
> used as either a DMZ OR an additional general purpose internal network.

Using the ORANGE network for this is not a good idea. It is designed as a DMZ and there are many places throughout the entire system where things have been coded that way.

> Adding DHCP to Orange would:
> 
> * Increase the flexibility of IPFire
> * While not significantly increasing complexity
> * Be much less work than supporting a new network type (or multiple new
> networks)
> * Allow for the use of DHCP with static leases in a DMZ anyway

I agree with those goals, but repurposing ORANGE is not the right way.

> If you're unwilling to do this, could you please briefly explain your
> reasoning?

If we are talking about adding the option to add more network zones that follow the "GREEN" schema, then I am not against that at all. However, the development team has made the decision to rewrite the entire network stack and release that with IPFire 3. The legacy code that IPFire 2 uses would make this a lot of work.

I will close this with CANTFIX because we don't have an option for "Will do this later".