Never Installed a Firewall on Ubuntu? Try Firestarter Print E-mail
Source: www.linuxsecurity.com - Posted by Burhan Syed   
When I typed “Do I really need a firewall?” into Google, 695,000 results came back, and I'm pretty sure most of them say “Hell yeah!”. In my opinion, given how hostile the internet is these days, no one would recommend sitting naked on it unless you really know what you are doing. Read on for more information on Firestarter.

Introduction

If I had to give a brief description of a firewall, I would say: “a program or hardware device that filters the information coming through the Internet connection into your private network or computer system. If an incoming packet of information is flagged by the filters, it is not allowed through.” A firewall does not guarantee security, but in most environments it is the first line of defense against network-based attacks.

Firestarter is a friendly graphical interface for configuring a software firewall on Linux using the built-in iptables/ipchains utilities. It is an open source GUI firewall program that aims to combine ease of use with powerful features, serving both Linux desktop users and system administrators. By the end of this article you will be able to install and configure Firestarter, and to live a secure and healthy life... over the internet.

Prerequisites

This howto assumes you have Ubuntu installed on your machine with an internet connection.

Note: This tool should NOT be used on any production machine.

Install Firestarter

Firestarter is very simple: “even a caveman can install it”. It is contained in most distributions' repositories. In Ubuntu and Debian-based distributions, Firestarter can be installed by running:

$ sudo apt-get install firestarter

This will install Firestarter and all necessary dependencies.

Setup Wizard

In order to start the Firestarter application, click on System > Administration > Firestarter.

When you run Firestarter for the first time it walks you through the initial firewall configuration. In the first step it detects your network devices and lets you select your network device from a drop-down menu. You also have the options of enabling dial-out (for modem users) and of indicating that your IP address is assigned via DHCP.

If you are using a router for your internet connection, check the router's settings to see whether it uses DHCP to assign local IP addresses (it will be DHCP if you did not configure a static IP). If you are not using a router, whether or not you have a dynamically assigned IP address depends on your Internet Service Provider.

Once you have checked the options that match your network settings, click Forward. You will now be asked to configure Internet Connection Sharing. If the machine you are installing on shares its connection with other computers on the network, enable this; you then also select the device type of your network (usually a hub or switch). Leave Internet Connection Sharing disabled if you are not using your computer as a router.

Next, it will ask you to save your settings and open Firestarter.

The GUI

Firestarter's main application window consists of three tabs: Status, Events, and Policy. These three tabs are described below.

Status

This window shows the current status of your firewall: whether it is active, disabled or locked.

It has three states:

Active: Indicates the firewall is up and running

Disabled: Indicates the firewall is turned off and all connections are allowed through

Locked: Indicates all connections are refused

Events

The Events tab lists the connection attempts that the firewall has blocked. Here you should focus on the entries listed in red; the others should not be considered a threat.
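Firestarter's Events tab is a view over the log lines that iptables writes with its LOG target. As an added example (not part of the article or of Firestarter), the following script shows the kind of triage that the red/non-red distinction implies: it reads a few constructed log lines in the standard netfilter LOG format, counts blocked inbound attempts per source and destination port, and flags the ones aimed at a port this machine actually serves. The “Inbound ” log prefix, the addresses and the assumption that only SSH (port 22) is served are all constructed for the example.

```shell
#!/bin/sh
# Added example, not part of the article or of Firestarter: triage the kernel
# iptables LOG lines that a GUI like Firestarter's Events tab is built on.
# The "Inbound " prefix and all addresses below are constructed sample data.

# Constructed sample log lines in the standard netfilter LOG format.
sample_events() {
    cat <<'EOF'
Oct 24 10:01:02 host kernel: Inbound IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.20 PROTO=TCP SPT=40122 DPT=22 SYN
Oct 24 10:01:03 host kernel: Inbound IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.20 PROTO=TCP SPT=40123 DPT=22 SYN
Oct 24 10:02:10 host kernel: Inbound IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.20 PROTO=UDP SPT=1900 DPT=1900
Oct 24 10:02:11 host kernel: Inbound IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.20 PROTO=ICMP TYPE=8 CODE=0
Oct 24 10:03:00 host kernel: Inbound IN=eth0 OUT= SRC=203.0.113.77 DST=192.0.2.20 PROTO=TCP SPT=51000 DPT=445 SYN
Oct 24 10:03:05 host kernel: Outbound IN= OUT=eth0 SRC=192.0.2.20 DST=203.0.113.9 PROTO=TCP SPT=52000 DPT=6667 SYN
EOF
}

# Ports this machine actually serves (assumption for the example: only SSH).
# Blocked attempts against these deserve a look; attempts against closed
# ports are the background noise the article says not to worry about.
SERVED_PORTS="${SERVED_PORTS:-22}"

# Read LOG lines on stdin; print "SRC PROTO DPT COUNT FLAG", one line per
# source/protocol/port, where FLAG is "review" for a served port, else "noise".
summarize_inbound() {
    awk -v served="$SERVED_PORTS" '
        BEGIN { n = split(served, s, " "); for (i = 1; i <= n; i++) sp[s[i]] = 1 }
        {
            split("", f)                       # clear per-line field map
            for (i = 1; i <= NF; i++)
                if (index($i, "=")) { split($i, kv, "="); f[kv[1]] = kv[2] }
            if (f["IN"] == "") next            # outbound entry: no input interface
            port = (f["DPT"] == "") ? "-" : f["DPT"]
            key = f["SRC"] " " f["PROTO"] " " port
            count[key]++
        }
        END {
            for (k in count) {
                split(k, parts, " ")
                flag = (parts[3] in sp) ? "review" : "noise"
                print k, count[k], flag
            }
        }' | sort
}

# Stand-alone usage: summarize the constructed sample; in practice feed it
# the real log, e.g.  grep ' IN=' /var/log/kern.log | summarize_inbound
sample_events | summarize_inbound
```

Two repeated SYNs from one source against port 22 come out as "review" because the host does serve SSH; the SSDP probe, the ping and the single SMB attempt are reported as "noise" since nothing listens there, and the outbound line is skipped entirely.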

Policy

The Policy window is where you define the rules for your firewall. You can create your own policy, which includes enabling or disabling inbound or outbound traffic, and these rules can be applied to hosts or ports. To create a rule, right-click on the desired list of hosts or ports and select “Add Rule”.



For example, if you are running an SSH server, you add a rule to the bottom list, selecting "SSH" for the service name, and Firestarter will automatically fill in the default port (in this case, port 22). You can then set whether you want to allow connections from all addresses ("Anyone"), or whether you want to limit connections by IP address, hostname, or network.

Checking the “Anyone” option is not recommended, since it exposes the service to everyone and could allow anyone to compromise your network security. Assigning an IP address, host or network is the more secure option.

Inbound Policy controls the incoming traffic from the internet and the local network to the firewall. The default inbound settings are appropriate; however, you can create exceptions by modifying them according to your needs.

The three inbound policy groups are:

Allow connections from host: As the name says, this allows all traffic from the host you add here, marking it as a trusted source.

Allow service: This consists of two parameters, the service and the target. Firestarter will try to determine the service name itself, but you are also free to enter the name manually. The target can be one of three choices: Anyone, LAN clients, or a user-specified IP, host or network.

Forward service: The last inbound policy group is Forward Service. This group is only active if you have enabled Internet Connection Sharing. It also consists of two parts, the service and the target.

Outbound Policy controls outgoing traffic to the Internet from the firewall and any LAN clients. The default outbound policy is permissive. This means that you and any clients connected to the local network are able to browse the web, read email, etc. unrestricted.

Permissive mode

The permissive outbound mode, marked "Allow outbound traffic not denied" on the policy page, lets everything out by default; the rules you add specify which outbound connections to deny.

Restrictive mode

The restrictive outbound mode on the other hand, marked "Deny outbound traffic not allowed" on the policy page, means you explicitly specify which connections are allowed out. When this mode is enabled for the first time some basic rules are already present in the system. These rules permit the secured hosts to access the DNS, DHCP and HTTP services so that you do not accidentally end up in a situation where you are unable to reach the web or further assistance. Once you know for sure you wish to enable the restrictive outbound policy, you can freely remove these rules.

Preferences

Firestarter walks you through the basic steps, but to use some of the advanced features you can go to Preferences.

Interface

Firestarter does not interrupt your work. Here you have the option of minimizing Firestarter to the system tray. Doing so does not exit the application: Firestarter keeps running in the background and notifies you of any suspicious blocked connection by turning its icon red.



ICMP Filtering

The Internet Control Message Protocol (ICMP) provides a way for IP stacks to send simple messages containing information or errors. Here you are able to optimize the ICMP settings.



The options “Echo Request” and “Echo Reply” refer to how your firewall handles pings. Checking “Echo Request” allows all outgoing pings. If you would like to block incoming pings, check “Echo Reply”.

ICMP Filtering has other options as well. One of them is Traceroute, which can prevent your machine from being traced via traceroute.
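To make concrete what the Policy settings and the ICMP Filtering options above translate to underneath the GUI, here is an added example (an illustration for this edit, not code from the article or from the Firestarter project) that prints the iptables rules for the policy discussed: SSH allowed inbound from a single trusted host rather than “Anyone”, the restrictive outbound mode with its DNS, DHCP and HTTP exceptions, outgoing pings allowed and incoming pings dropped, and everything else logged so it can be reviewed later. The interface name eth0 and the trusted address 192.0.2.10 are assumptions, not values from the article; the script only prints the rules so they can be reviewed before being applied with sudo.

```shell
#!/bin/sh
# Added example, not Firestarter's own code or output: print the iptables rules
# that correspond to the policy described in the article. Review the output
# first, then apply it with:  sh firewall.sh | sudo sh
# Assumptions (not from the article): external interface eth0 and a trusted
# admin host 192.0.2.10 (a constructed documentation address).
WAN_IF="${WAN_IF:-eth0}"
ADMIN_HOST="${ADMIN_HOST:-192.0.2.10}"

# Emit the rule set for a single host (Internet Connection Sharing disabled).
emit_rules() {
    cat <<EOF
# start from a clean, deny-by-default table
iptables -F
iptables -X
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
# loopback and replies to connections this host opened are always accepted
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# inbound policy, "Allow service": SSH, target = the trusted host only, not "Anyone"
iptables -A INPUT -i $WAN_IF -p tcp -s $ADMIN_HOST --dport 22 -m state --state NEW -j ACCEPT
# restrictive outbound policy: the DNS, DHCP and HTTP exceptions Firestarter seeds
iptables -A OUTPUT -o $WAN_IF -p udp --dport 53 -j ACCEPT
iptables -A OUTPUT -o $WAN_IF -p tcp --dport 53 -j ACCEPT
iptables -A OUTPUT -o $WAN_IF -p udp --sport 68 --dport 67 -j ACCEPT
iptables -A OUTPUT -o $WAN_IF -p tcp --dport 80 -j ACCEPT
# ICMP filtering: this host may ping out; pings to it are dropped
iptables -A OUTPUT -o $WAN_IF -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -i $WAN_IF -p icmp --icmp-type echo-request -j DROP
# whatever is still refused is logged (rate-limited) for later review
iptables -A INPUT -i $WAN_IF -m limit --limit 5/min -j LOG --log-prefix "Inbound "
iptables -A OUTPUT -o $WAN_IF -m limit --limit 5/min -j LOG --log-prefix "Outbound "
EOF
}

# Number of rules appended (policy and flush lines excluded), for a quick sanity check.
rule_count() {
    emit_rules | grep -c '^iptables -A'
}

# Stand-alone usage: print the rule set (pipe it to 'sudo sh' to apply it).
emit_rules
```

The order matters: the ESTABLISHED,RELATED rule must come before the service rules, and the LOG rules must come last so that only traffic no earlier rule accepted reaches them. Removing the three outbound exceptions once you are sure you want a fully restrictive outbound policy is the same step the article describes for the GUI.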

ToS Filtering

This option allows you to set priorities on network traffic. It can set the priorities for the processes of your workstation and server (if you have installed both). In short, you have the option of increasing or decreasing the throughput or reliability for certain applications.

Please review Firestarter documentation to learn more.

Conclusion

“The way to be safe is never to feel secure.” When we use high-speed internet without any security tool installed, it gives an enormous opportunity to “them”, meaning the malicious folks on the internet who are desperate to attack your network and servers. No one can guarantee 100% security, but you can at least consider yourself within reasonable security using Firestarter, without needing in-depth knowledge of TCP/IP security.

Comments
ufw - Written by Bill Goldberg on 2008-09-26 05:44:34
I prefer ufw.

It's a great way and easy way to control your ip-tables.

It's a cli app, but there is a nice GUI for it called GUFW.

The GUFW is a bit easy and not as versatile as ufw itself.

Written by anonymus coward on 2008-09-26 15:57:06
Firestarter is not a firewall. It's just a graphical tool used for configuring the _already installed_ firewall (iptables).
I guess I'm not the right audience for this article though ;)

Written by Gary on 2008-09-27 12:24:11
Author states we need a firewall then recommends Firestarter. But a disclaimer is found early on saying "Note: This tool should NOT be used on any production machine."

For home users, a "production" machine is any machine used regularly that faces the internet.

If by "production" machine the author means a server, then he should have made that clear. The way it stands right now, the author contradicts himself by recommending then discouraging its use.

mr - Written by Vadim P. on 2008-09-27 13:29:23
Same with gufw: http://gufw.tuxfamily.org/index.html

Last firestarter was 4 years ago, last gufw release was a week ago.

Firestarter is a dead project - Written by rogeriopvl on 2008-09-28 09:31:19
I'm amazed how anyone still advises the use of such an old piece of software.

Gufw is the best choice. And anyway, unless you have some services listening on your network, you won't need a firewall in Ubuntu.

The little Penguin Dude - Written by Lisa Burgett on 2008-09-28 12:32:16
OMG I absolutely love that little penguin guy! he is just so cute!

Lisa
www.privacy.es.tc

arno-iptables-firewall - Written by Greg Donald on 2008-09-28 13:08:09
apt-get install arno-iptables-firewall

Been using it for ages, works great.

But if you want something a little bit m - Written by andre on 2008-09-28 15:22:11
you can't really do enterprise firewalls with this toy firewallstarter... home lan? sure... for something bigger, get firewall builder...

awful article - Written by awful on 2008-09-30 23:13:17
awful article

Why Firestarter? - Written by Chris Lees on 2008-10-01 03:20:24
Most people access the Internet through an ADSL modem router. Most of these have firewalls built-in, making it unnecessary to configure an additional one on your computer itself (unless you don't trust your own network's traffic!).

Furthermore, for home users on Ubuntu, Firestarter is a bit complicated. Gufw is an easier program that does pretty much everything that a home user could want from a firewall configurator.

Unsupported - Written by prog on 2008-10-02 00:35:24
ufw is the default in Ubuntu and works well enough. Firestarter has been unsupported for a while now.



 
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.