Firestarter: Simple to use, powerful desktop firewall
Every PC needs protection. Even though the Linux operating system has a reputation for being nearly crack-proof, it is irresponsible to assume this is true. Any operating system connected to a network is vulnerable in some way or other, and having as much protection as you can is the only way to use a computer intelligently.
Now with the Linux operating system you have a lot of choices for protection. But one of the easiest to use is Firestarter. Firestarter is one of the easiest-to-use firewalls I have used. And with this simplicity does not come a sacrifice to security. Just because it's easy does not mean it lacks protection. Firestarter is powerful and has a ton of features. In this article you will learn how to install Firestarter and set up a basic desktop firewall.
Firestarter includes such features as:
- Setup wizard.
- Real time event viewer.
- Easy port forwarding.
- ICMP parameter tuning.
- Advanced kernel tuning.
- Suitable for desktops, servers, and gateways.
and much, much more.
The installation of Firestarter is simple. Because it will most likely be found in your distribution's repositories, you will only need to follow these steps for installation:
- Open up your Add/Remove Software tool.
- Search for "firestarter" (no quotes).
- Select Firestarter for installation.
- Click Apply.
- Enter your user password.
- Wait for the installation to complete.
- Close your Add/Remove Software utility.
You will find the Firestarter executable located in the Administration sub-menu of the System menu (in GNOME). When you first run Firestarter the wizard will open up. The first screen is the usual Welcome screen so you can just click the Forward button. The first screen you will have to do any configuration with is the Network Device Setup (see Figure 1). In this screen you need to set which interface Firestarter is to listen to. I am using a laptop so I will select my wireless device.
The next screen (see Figure 2) asks if you need to use internet connection sharing to set your machine up as a gateway. If you do you will need to first click the check box to enable it and then select an interface for the other machines to connect to. If you need to use your machine as a DHCP server you will have to have that installed outside of Firestarter.
Once you have taken care of connection sharing (if it is needed) click the Forward button and you're done. The last screen wants to know if you want to start the firewall immediately and has you save your configuration.
While Firestarter is running you will see a small icon in your notification area that looks like a blue circle with a right-pointing triangle. If you click on that it will open up the Firestarter main window (see Figure 3). From this window you can stop the firewall, lock the firewall, view the events log, edit both your inbound and outbound policies, and monitor active connections.
To monitor active connections, expand the Active Connections listing, which will list every connection made to and from your machine. In both the Active Connections section and the Events tab you can right click an entry and take action. For instance, in the Active Connections section you can right click an entry and look up the hostname of that entry. In the Events tab you can do more. If you right click an entry in the Events tab you can do the following:
- Allow connections from source.
- Allow inbound service for everyone.
- Allow inbound service for source.
- Disable events from source.
- Disable events on port.
- Lookup hostnames.
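Before choosing one of these actions it helps to see which sources and services account for the logged events. The following is an added example, not part of the original article or Firestarter's own code: it tallies inbound entries from syslog lines in the kernel's netfilter LOG layout. The "Inbound"/"Outbound" prefixes, the sample lines and the function names are assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines (documentation addresses, not real traffic) in the
# kernel's netfilter LOG layout. The "Inbound"/"Outbound" prefixes are assumed.
SAMPLE_LOG = """\
Mar  3 10:15:01 laptop kernel: Inbound IN=wlan0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TTL=52 ID=4711 DF PROTO=TCP SPT=51000 DPT=22 WINDOW=5840 SYN URGP=0
Mar  3 10:15:04 laptop kernel: Inbound IN=wlan0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TTL=52 ID=4712 DF PROTO=TCP SPT=51001 DPT=22 WINDOW=5840 SYN URGP=0
Mar  3 10:15:07 laptop kernel: Inbound IN=wlan0 OUT= SRC=198.51.100.23 DST=198.51.100.255 LEN=78 TTL=64 ID=9 PROTO=UDP SPT=137 DPT=137 LEN=58
Mar  3 10:15:08 laptop kernel: Inbound IN=wlan0 OUT= SRC=198.51.100.77 DST=198.51.100.255 LEN=78 TTL=64 ID=3 PROTO=UDP SPT=137 DPT=137 LEN=58
Mar  3 10:15:09 laptop kernel: Inbound IN=wlan0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=84 TTL=52 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=77 SEQ=1
Mar  3 10:15:10 laptop dhclient: bound to 198.51.100.5, renewal in 1800 seconds.
Mar  3 10:15:12 laptop kernel: Outbound IN= OUT=wlan0 SRC=198.51.100.5 DST=203.0.113.9 LEN=60 TTL=64 ID=88 DF PROTO=TCP SPT=40000 DPT=25 WINDOW=5840 SYN URGP=0
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def parse_event(line):
    """Parse one netfilter LOG line into a dict; return None for other syslog lines."""
    fields = dict(FIELD.findall(line))
    if not {"SRC", "DST", "PROTO"} <= fields.keys():
        return None
    has_in, has_out = bool(fields.get("IN")), bool(fields.get("OUT"))
    direction = "forwarded" if has_in and has_out else "inbound" if has_in else "outbound"
    # ICMP entries carry TYPE/CODE instead of ports, so label them separately.
    if "DPT" in fields:
        service = f"{fields['PROTO']}/{fields['DPT']}"
    else:
        service = f"{fields['PROTO']} type {fields.get('TYPE', '?')}"
    return {"direction": direction, "src": fields["SRC"], "service": service}

def blocked_inbound(log_text):
    """Count logged inbound events per (source, service) pair."""
    counts = Counter()
    for line in log_text.splitlines():
        event = parse_event(line)
        if event and event["direction"] == "inbound":
            counts[(event["src"], event["service"])] += 1
    return counts

def sources_by_service(counts):
    """Group sources under each service: one known host versus many unrelated ones."""
    grouped = defaultdict(set)
    for src, service in counts:
        grouped[service].add(src)
    return dict(grouped)

if __name__ == "__main__":
    for (src, service), n in blocked_inbound(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {src:15s}  {service}")
```

A service reached by a single host you recognise is a candidate for a per-source allow rule, while one hit by many unrelated hosts is usually better left blocked.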
Finally, in the Policy tab, you can right click any blank area and add a rule that will apply to a connection from a host or to a port/service. When you go to add a rule you will only need to enter the IP address (or domain) and then add a comment.
Firestarter makes the often daunting task of creating a firewall for a Linux machine simple. If you have ever dealt with iptables you will understand when I say this is a huge relief for desktop users who do not want to take the time to learn to use the underlying technology.