
Re: Confounded by Firestarter "Issues"...



On 07/21/04 03:30, listcomm@ml1.net wrote:
I'm trying to configure Firestarter (0.8xx) as a "Personal Firewall" (I know that's heresy in some quarters) and seem to be missing some fundamental information.

Heresy?  Why?

I have it set up and running and I can get data through it.  The problem is that I can't seem to dope out how to properly set it up for packet filtering

This is not a difficult package to install; I did it as a non-technical newbie. Maybe you're making it more complex than it is?

I run Firestarter 0.9.2 and haven't touched it since installation in November. It just runs automatically from the init script, like all the other Linux services. I just opened it up now to remember what it looks like. ;) Its GUI is very easy to use to configure your firewall, and I use it to protect this desktop box. If you use the pull-down menu item Edit -> Preferences -> Services, just check the boxes for services you want enabled to the public. It's as easy as configuring ZoneAlarm, but even more configurable, as I recall.

Supposedly (at least according to discussions on the "sourceforge" website), it should by default block all incoming data *except* that which is being sent back in response to an outgoing communication (all of which are supposed to be enabled, by default).  It doesn't do any of that...  I ended up

Mine works out of the box. I do remember changing some of the settings, as needed, in the preferences from the GUI, as mentioned above. I changed Reject to Deny, for example.

I thought the idea was to explicitly permit only certain *ports* to communicate, but so far, I can't figure out any way to make *that* work...

Use the Preferences to do this for Incoming by type of Service. I don't see how to do that for Outgoing, or even if that is a capability of Firestarter. Remember, this isn't Windows -- you don't need the same kind of "leak" protection from rogue programs calling home (I hope).

Is there some dark secret to determining exactly which ports what processes/programs are using, so that they can be selectively enabled in the Firestarter "rules"?

Standard protocols.

Or is there some obscure requirement for syntax in specifying ports (i.e. more than just the port number or service name?) that's somehow escaped me?

Thus far, no amount of Web trolling has produced any specific answers... I'm about to go delve into some of the Unix security books... hopefully someone here can enlighten me?

Have you looked at http://firestarter.sourceforge.net/manual/rules.php ?

Regards,
Ralph
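
Added example, not part of the message above and not Firestarter code: one way to find which TCP ports a Linux box is actually listening on, so that only those services need to be considered for inbound rules. It parses the kernel's `/proc/net/tcp` table (IPv4 TCP only, little-endian host assumed); the function names and the sample table are constructed for illustration.

```python
from pathlib import Path
import socket

# Constructed sample in /proc/net/tcp format (not captured from a real host).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1201 1 0 100 0 0 10 0
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1350 1 0 100 0 0 10 0
   2: 0A00020F:9C40 5DB8D822:0050 01 00000000:00000000 00:00000000 00000000  1000        0 2290 1 0 100 0 0 10 0
"""

TCP_LISTEN = "0A"  # kernel state code for a listening socket


def decode_ipv4(hex_addr):
    """Decode an address field; assumes a little-endian host such as x86."""
    return ".".join(str(b) for b in reversed(bytes.fromhex(hex_addr)))


def listening_sockets(proc_text):
    """Return (address, port, exposed) for each LISTEN socket, sorted by port."""
    found = []
    for line in proc_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != TCP_LISTEN:
            continue  # established or closing connections are not services
        hex_addr, hex_port = fields[1].split(":")
        addr = decode_ipv4(hex_addr)
        # A loopback-only listener cannot be reached from the network.
        exposed = not addr.startswith("127.")
        found.append((addr, int(hex_port, 16), exposed))
    return sorted(found, key=lambda s: s[1])


def service_name(port):
    """Look up the standard service name, falling back to the number."""
    try:
        return socket.getservbyport(port, "tcp")
    except OSError:
        return str(port)


if __name__ == "__main__":
    p = Path("/proc/net/tcp")
    text = p.read_text() if p.exists() else SAMPLE_PROC_NET_TCP
    for addr, port, exposed in listening_sockets(text):
        note = "reachable from the network" if exposed else "loopback only"
        print(f"{addr}:{port} ({service_name(port)}) {note}")
```

Listeners bound to 0.0.0.0 are the ones an inbound default-deny policy has to account for; loopback-only listeners need no inbound rule.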


