
Setup a Software Firewall in Linux using Firestarter

Mon, Mar 2, 2009


Introduction

One of the great features included in Linux is the iptables firewall. Unfortunately, its command-line syntax is rather complex, and configuring it can be intimidating even for experienced Linux users. Firestarter is a friendly graphical interface that lets you configure a software firewall in Linux on top of the built-in iptables/ipchains utilities.

Installation

Installing Firestarter is simple; it is in most distributions' repositories. On Ubuntu and other Debian-based distributions, Firestarter can be installed by running:

sudo apt-get install firestarter

from the command line. This will install Firestarter and all necessary dependencies.

Setup Wizard

The first time you run Firestarter, it greets you with a wizard that walks you through the basic configuration of your firewall. First it detects your network devices and asks you to select one from a drop-down menu; it also lets you choose whether to start the firewall on dial-out (for modem users) and whether your IP address is assigned via DHCP.

Firestarter Wizard Network Configuration

If you connect to the Internet through a router, check the router's settings to see whether it assigns local IP addresses via DHCP (if you didn't set up static IP addresses for your network, it probably does). If you're not using a router, whether you have a dynamically assigned IP address depends on your Internet Service Provider.

Next, Firestarter will ask if you want to set up Internet Connection Sharing. If you are using your computer as a firewall for your entire network (that is, other computers on your network reach the Internet through your computer), enable this and select the network device that connects to the other computers, typically through a hub or switch (this device will be different from the one used to connect to the Internet). If you're not using your computer as a router, leave Internet Connection Sharing disabled.

Since this how-to focuses on the firewall aspects of Firestarter, I won't address this particular feature in detail; for more information, visit the Firestarter documentation page.

The Interface

Once you’ve completed the Wizard, Firestarter will run and you’ll see the main application window, which is made up of three tabs: Status, Events, and Policy.

Status
The Status window shows the current state of your firewall: active, disabled, or locked down. This tab also displays information about your network devices, such as how much traffic has passed through them (Sent/Received) and current activity. Click on "Active connections" to see a list of all currently connected machines; Firestarter displays the source and destination addresses, as well as the service being used and which application is using it. You'll probably notice some familiar names, like your mail client, browser, and any other application that uses the Internet.

Firewall status icons

Firestarter has three states: "Active," meaning the firewall is running and applying your rules to all connections (see the "Policy" section below); "Stopped," or "Disabled," meaning the firewall is turned off and every connection is allowed through; and "Locked," which blocks all connections entirely. Most of the time you'll want Firestarter in Active mode, but in the event of a security breach, for example, you can quickly lock the firewall and cut the machine off from the network entirely.

Policy
The Policy window is where you define the rules for your firewall. You can select whether to apply a rule to inbound or outbound traffic, and you can apply rules based on hosts (computers) or ports.

Inbound traffic policy

To create a rule, right-click on the appropriate list (the upper list for hosts, the lower list for ports) and select "Add Rule." If, for example, you are running an SSH server, you'll want to add a rule in the lower list, selecting "SSH" as the service name; Firestarter will automatically fill in the default port (in this case, port 22). You can then choose whether to allow connections from all addresses ("Anyone") or to limit connections by IP address, hostname, or network.

Creating an inbound traffic rule

After you set up your rules, you'll need to click the "Apply Policy" button for them to take effect.

Events
The Events tab lists any connection attempts that Firestarter has blocked. Don't be alarmed by everything that shows up here; generally speaking, only the entries shown in red represent any sort of threat. These are the connection attempts aimed at ports used by important system services.

Firestarter Events Window

For example, if you are running an SSH server, but you forget to open your SSH port in the Policy page, you’ll wind up seeing a blocked event in red when someone tries to connect.
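To show what sits behind the Events tab, here is an added example (not part of the original post, and not Firestarter's code) that parses the kernel log lines iptables' LOG target writes for blocked packets, marks the entries that would show in red, and flags a source that walks several service ports. The sample log lines, the list of "important" ports and the probe threshold are constructed assumptions for this example.

```python
import re
from collections import defaultdict

# Ports treated here as "important system services" (constructed list; the
# article says red entries target such ports but does not enumerate them).
IMPORTANT_PORTS = {22: "SSH", 25: "SMTP", 80: "HTTP", 139: "NetBIOS", 445: "SMB"}

# Constructed kernel-log lines in the format iptables' LOG target writes.
SAMPLE_LOG = """\
Mar  2 10:15:01 host kernel: Inbound IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=51234 DPT=22 SYN
Mar  2 10:15:02 host kernel: Inbound IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=51235 DPT=445 SYN
Mar  2 10:15:03 host kernel: Inbound IN=eth0 OUT= SRC=198.51.100.4 DST=192.0.2.10 PROTO=UDP SPT=1900 DPT=1900
Mar  2 10:15:04 host kernel: Inbound IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=51236 DPT=80 SYN
"""

FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

def parse_events(text):
    """Return one dict per LOG line: src, dst, proto, dport, service, red."""
    events = []
    for line in text.splitlines():
        if "IN=" not in line:
            continue  # not a firewall log line
        f = dict(FIELD.findall(line))
        dport = int(f["DPT"]) if "DPT" in f else None  # ICMP lines carry no port
        events.append({
            "src": f.get("SRC"), "dst": f.get("DST"), "proto": f.get("PROTO"),
            "dport": dport, "service": IMPORTANT_PORTS.get(dport),
            "red": dport in IMPORTANT_PORTS,   # the entries the Events tab would colour red
        })
    return events

def probing_sources(events, min_ports=3):
    """Sources that hit several distinct ports: one blocked SSH attempt is noise,
    one address walking several service ports deserves a closer look."""
    ports = defaultdict(set)
    for e in events:
        if e["dport"] is not None:
            ports[e["src"]].add(e["dport"])
    return sorted(s for s, p in ports.items() if len(p) >= min_ports)
```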

Preferences

The Firestarter wizard only takes you through some of the most basic configuration options, so you’ll probably want to have a look at the Preferences window for more advanced setup.

Interface
One of the nice things about Firestarter is that it has the ability to minimize itself to the system tray; using this feature, you can keep your firewall running in the background, and simultaneously be alerted to any suspicious activity. When Firestarter blocks a connection, the tray icon will turn red.

Firestarter tray icon

ICMP Filtering
Firestarter allows you to set advanced controls over what type of ICMP requests you allow through your firewall.

Firestarter ICMP Filtering

The "Echo Request" and "Echo Reply" options control how your firewall handles pings. Disabling requests prevents outgoing pings, while disabling replies stops your machine from answering incoming ones. You'll usually want to keep the ability to ping outside machines, but you may want to prevent your computer from answering pings. This makes it appear to potential attackers that there is "no one home" at your network address.

The other options in the ICMP filtering dialog are less commonly needed, but can still be useful. The Traceroute option, for example, prevents your machine from being detected via traceroute, even if it responds to pings. It will, however, also prevent your own use of traceroute; the same goes for most of the ICMP filtering options, so be sure you aren't relying on these tools before you deactivate them. For most people, it's safe to leave them turned on.
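As an added example (not the page's or Firestarter's own code) that serves both the Policy section above and the ICMP echo settings here: it turns a Firestarter-style inbound policy such as the SSH rule, together with the Echo Reply choice, into the iptables commands such a policy amounts to. The default-deny layout, the interface name eth0 and the service table are assumptions for this example, not Firestarter's actual generated script.

```python
import ipaddress
from dataclasses import dataclass

# Service ports as the Policy dialog's service drop-down fills them in
# (constructed table for this example; SSH/22 is the one the article names).
SERVICES = {"SSH": 22, "HTTP": 80, "HTTPS": 443, "SMTP": 25}

@dataclass
class InboundRule:
    service: str              # name from the service list, e.g. "SSH"
    source: str = "Anyone"    # "Anyone", a single IP, or a network in CIDR form
    proto: str = "tcp"

def to_iptables(rules, iface="eth0", answer_pings=True):
    """Translate an inbound policy plus the Echo Reply setting into iptables
    commands. Assumed default-deny structure; not Firestarter's own script."""
    cmds = [
        "iptables -P INPUT DROP",
        "iptables -A INPUT -i lo -j ACCEPT",
        # Replies to connections this host opened (including its own outgoing
        # pings) are always let back in, so Echo Request stays usable.
        "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT",
    ]
    # "Echo Reply" on: answer incoming pings; off: silently drop them
    icmp = "ACCEPT" if answer_pings else "DROP"
    cmds.append(f"iptables -A INPUT -i {iface} -p icmp --icmp-type echo-request -j {icmp}")
    for r in rules:
        port = SERVICES[r.service]
        cmd = f"iptables -A INPUT -i {iface} -p {r.proto} --dport {port}"
        if r.source != "Anyone":
            # Validate the address so a typo cannot become a malformed rule
            # (hostnames would have to be resolved first; not handled here).
            net = ipaddress.ip_network(r.source, strict=False)
            cmd += f" -s {net.with_prefixlen}"
        cmds.append(cmd + " -j ACCEPT")
    # Anything unmatched is logged (this is what the Events tab shows) and
    # then dropped by the default policy.
    cmds.append(f"iptables -A INPUT -i {iface} -j LOG --log-prefix 'Inbound '")
    return cmds
```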

ToS Filtering
The ToS filtering feature of Firestarter is particularly handy. It will allow you to set which types of applications receive priority in network traffic.

Firestarter ToS Filtering Window

If you happen to be running a server on your desktop, but your primary use of the computer is as your workstation, you might want to set Workstation processes as a priority over server ones; this means that if someone is using, for example, your HTTP server, his or her use will take a “back seat” to your own network use. You can set how you want to prioritize connections, as well; using the “throughput” option will allow the most traffic through the firewall, while the “reliability” option will lessen the amount of data being transferred in favor of a more dependable connection.

External Links

For more information on Firestarter and the iptables project it builds on, have a look at these resources:
Firestarter Homepage
Firestarter Documentation
IPTables Homepage


One Response to “Setup a Software Firewall in Linux using Firestarter”

  1. sweety says:

    Really good post for newbies to the Linux platform.
