pyth0n3

Never Installed a Firewall on Ubuntu? Try Firestarter


Introduction

If I had to give a brief description of a firewall, I would say it is “a program or hardware device that filters the information coming through the Internet connection into your private network or computer system. If an incoming packet of information is flagged by the filters, it is not allowed through.” A firewall does not guarantee security, but in most environments it is the first line of defense against network-based attacks.

Firestarter is a friendly graphical interface that allows you to configure a software firewall in Linux using the built-in IPtables/IPchains utilities. It is an open source GUI firewall program. The software aims to combine ease of use with powerful features, therefore serving both Linux desktop users and system administrators. By the end of this article, the user will be able to install and configure Firestarter and will also be able to live a secure and healthy life... over the internet.

Prerequisites

This howto assumes you have Ubuntu installed on your machine with an internet connection.

Note: This tool should NOT be used on any production machine.

Install Firestarter

Installing Firestarter is very simple ("even a caveman can install it"). It is contained in most distributions' repositories. In Ubuntu and Debian-based distributions, Firestarter can be installed by running:

$ sudo apt-get install firestarter

This will install Firestarter and all necessary dependencies.

Setup Wizard

In order to start the Firestarter application, click on System > Administration > Firestarter.

[Screenshot: Firerstarter.png]

When you run Firestarter for the first time, it walks you through your initial firewall configuration. In the first step it detects your network devices and lets you select your network device from a drop-down menu. You also have the option of enabling dial-out (for modem users) or indicating that your IP address is assigned via DHCP.

If you are using a router for your internet connection, check your router's settings to see whether it uses DHCP to assign local IP addresses (it is DHCP if you did not configure a static IP). If you're not using a router, whether or not you have a dynamically assigned IP address depends on your Internet Service Provider.

Once you have checked the options according to your network settings, click Forward; it will now ask you to configure Internet Connection Sharing. If the system you are installing on shares its connection with other computers on your network, you should enable this. You also have to select the device type of your network (mostly a hub or switch). Leave Internet Connection Sharing disabled if you're not using your computer as a router.

Next, it will ask you to save your settings and open Firestarter.

The GUI

Firestarter's main application window consists of three tabs: Status, Events, and Policy. These three tabs are described below.

Status

This window gives you the current status of your firewall; whether it is active, disabled or locked.

The firewall can be in one of three states:

[Screenshot: Firerstarter_2.png]

Active: Indicates the firewall is up and running

Disabled: Indicates the firewall is turned off and all connections are allowed through

Locked: Indicates all connections are refused

Events

The Events tab lists the attempted connections that the firewall has blocked. Focus on the entries listed in red; the others should not be considered a threat.

Policy

The Policy window is where you define the rules for your firewall. You can create your own policy, which includes enabling or disabling inbound or outbound traffic, and these rules can be applied to hosts or ports. You create a rule by right-clicking on the desired list of hosts or ports and then selecting “Add Rule”.

[Screenshot: Firerstarter_4.png]

For example, if you are running an SSH server, you add a rule to the bottom list, selecting "SSH" as the service name, and Firestarter will automatically fill in the default port (in this case, port 22). You can then set whether you want to allow connections from all addresses ("Anyone"), or whether you want to limit connections by IP address, hostname, or network.

Checking the “Anyone” option is not recommended, since it exposes the service to anyone and could allow your network security to be compromised. Restricting the rule to an IP, host or network is the more secure option.

Inbound Policy controls the traffic coming from the internet and the local network to the firewall. The default inbound settings are appropriate for most users; you can add exceptions by modifying the policy in accordance with your needs.

The three inbound policy groups are:

Allow connections from host: As the name suggests, this allows all traffic from the host you add here, marking it as a trusted source.

Allow service: It consists of two parameters, the service and the target. Firestarter will try to determine the service name itself, but the user is also free to enter the name manually. The target can be one of three choices: Anyone, LAN clients, or a user-specified IP, host or network.

Forward service: The last inbound policy group is Forward Service. This group is only active if you have enabled Internet Connection Sharing. It also consists of two parts, the service and the target.

Outbound Policy controls outgoing traffic to the Internet from the firewall and any LAN clients. The default outbound policy is permissive. This means you and any clients connected to the local network are able to browse the net, read email, etc. unrestricted.

Permissive mode

The permissive outbound mode, marked "Allow outbound traffic not denied" on the policy page, allows all outbound traffic by default; you specify rules that restrict particular outbound connections.

Restrictive mode

The restrictive outbound mode on the other hand, marked "Deny outbound traffic not allowed" on the policy page, means you explicitly specify which connections are allowed out. When this mode is enabled for the first time some basic rules are already present in the system. These rules permit the secured hosts to access the DNS, DHCP and HTTP services so that you do not accidentally end up in a situation where you are unable to reach the web or further assistance. Once you know for sure you wish to enable the restrictive outbound policy, you can freely remove these rules.

Preferences

Firestarter walks you through the basic steps, but to use some of its more advanced features you can go to Preferences.

Interface

Firestarter does not interrupt your work. Here you have the option of minimizing Firestarter to the system tray. Doing so does not exit the application: Firestarter keeps running in the background and notifies you of any suspicious blocked connection by turning its icon red.

[Screenshot: Firerstarter_3.png]

ICMP Filtering

The Internet Control Message Protocol (ICMP) provides a way for IP stacks to send simple messages containing information or errors. Here you can adjust which ICMP messages the firewall lets through.

[Screenshot: Firerstarter_5.png]

The options “Echo Request” and “Echo Reply” refer to how your firewall handles pings. Checking “Echo Request” allows all outgoing pings. If you would like to block incoming pings, check the “Echo Reply” option.

ICMP Filtering offers other options as well. One of them is Traceroute, which can prevent your machine from being traced via traceroute.
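As an added example (not code from the article or from the Firestarter project), the following shell functions print the kind of iptables rules that sit behind the Policy tab's "Allow service" entries, the restrictive outbound baseline, and the ICMP echo options described above. The service-to-port table, the baseline rules and the sample network 192.168.1.0/24 are assumptions modelled on the article; the script only echoes the commands so they can be reviewed rather than applied.

```shell
# Added example, not from the article or the Firestarter project: print the
# iptables rules that a Firestarter-style policy corresponds to. Functions only
# echo commands, so the output can be reviewed before running it as root.
# Service ports and the baseline rules are assumptions modelled on the article.

# Default port lookup, as the GUI fills in 22 when "SSH" is selected.
service_port() {
  case "$1" in
    SSH) echo 22 ;;  HTTP) echo 80 ;;  HTTPS) echo 443 ;;
    *) return 1 ;;
  esac
}

# One "Allow service" entry: $1 = service, $2 = "Anyone" or an IP/network.
# Unknown services are rejected rather than silently opened.
allow_service() {
  port=$(service_port "$1") || { echo "unknown service: $1" >&2; return 1; }
  if [ "$2" = "Anyone" ]; then
    echo "iptables -A INPUT -p tcp --dport $port -j ACCEPT"        # open to all
  else
    echo "iptables -A INPUT -p tcp -s $2 --dport $port -j ACCEPT"  # limited to $2
  fi
}

# Inbound baseline: accept loopback and established flows, drop the rest.
inbound_baseline() {
  echo "iptables -P INPUT DROP"
  echo "iptables -A INPUT -i lo -j ACCEPT"
  echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
}

# "Deny outbound traffic not allowed", seeded with the DNS, DHCP and HTTP
# rules the article says Firestarter adds so you cannot lock yourself out.
restrictive_outbound() {
  echo "iptables -P OUTPUT DROP"
  echo "iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
  echo "iptables -A OUTPUT -p udp --dport 53 -j ACCEPT"
  echo "iptables -A OUTPUT -p udp --sport 68 --dport 67 -j ACCEPT"
  echo "iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT"
}

# ICMP: let this host's own pings out, drop pings aimed at it.
icmp_rules() {
  echo "iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT"
  echo "iptables -A INPUT -p icmp --icmp-type echo-request -j DROP"
}

# Constructed sample policy: SSH reachable from the LAN only (192.168.1.0/24 assumed).
full_policy() { inbound_baseline; allow_service SSH 192.168.1.0/24; restrictive_outbound; icmp_rules; }
```

Calling full_policy prints the complete rule set for review; nothing reaches the kernel unless the output is executed as root.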

ToS Filtering

This option allows you to set priorities for network traffic. It can set priorities for the workstation and server roles (if you have installed both). In short, you have the option of increasing or decreasing throughput or reliability for certain applications.

Please review Firestarter documentation to learn more.

Conclusion

“The way to be safe is never to feel secure.” When we use high-speed internet without any security tool installed, it gives an enormous opportunity to “them”, meaning the malicious folks on the internet who are eager to attack your network and servers. No one can guarantee 100% security, but with Firestarter you can at least consider yourself within the bounds of reasonable security, without needing in-depth knowledge of TCP/IP security.

linuxsecurity.com
