change in behavior of iptables with respect to firestarter
I'm running Firestarter 1.0.3 on Debian testing (both systems involved
in this message).
A number of months ago I was in a situation where I wanted to establish
an SSH connection from my notebook to a desktop system. Because the
network on which this desktop system resides is less well controlled than
I'd like, I used Firestarter to configure the iptables to allow
connections on port 22 only from one specific IP address, the one
assigned to the notebook.
At that time, no system with any other IP address could connect to the
desktop. (I tested it.) Now that I need to use the notebook again at
this location and want to use the systems in the same way again I find
that I can connect to that desktop from ANY IP address on the network.
When I look at the policy page in Firestarter on the desktop I see that
only the one IP address assigned to the notebook is supposed to be
allowed to connect on port 22. (There are no other exceptions.)
If I manually start Firestarter on the desktop, then I can only connect
to it from the specified IP address. After I reboot the desktop I can
once again connect to the desktop from any IP address, given that I use
the correct user name and password, of course.
I checked the other way around by trying to connect to the notebook from
the desktop. The notebook is "promiscuous", too -- unless I actually
have started Firestarter during an operating session, I will be able to
connect to the notebook from the desktop (as long as I have the correct
user name and password) even though I have set the notebook to allow no
This is not how it used to work. A few months ago, regardless of whether
or not I actually started the Firestarter interface during a session,
the policy applied to iptables by Firestarter would hold for these
systems through restarts.
Could someone help me, please? I tried searching the firestarter list's
archive, and I tried to join their list and post this question, but the
list's moderator hasn't got back to me. It appears that the rules I want
in iptables are not in effect at all until I actually bring up the
Firestarter user interface during a given session. Once I log off
(restart not necessary) the rules are apparently reset to the default.
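One way to see what the kernel actually has loaded after a reboot, rather than what Firestarter's policy page reports, is to inspect an iptables-save dump and list which sources may reach TCP port 22. This is an added shell example, not from the original post; the helper names and the sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example: read an iptables-save dump and report the sources allowed
# to reach TCP/22 on the INPUT chain, so the live ruleset can be compared
# with what Firestarter's policy page claims. Helper names are hypothetical.

# Print the source of every INPUT rule that ACCEPTs TCP port 22.
# A rule with no "-s" matches any source and is reported as "0.0.0.0/0".
ssh_accept_sources() {
    awk '
        /^-A INPUT/ && /--dport 22( |$)/ && /-j ACCEPT/ {
            src = "0.0.0.0/0"
            for (i = 1; i <= NF; i++) if ($i == "-s") src = $(i + 1)
            print src
        }'
}

# Return 0 only when the INPUT default policy is DROP and every SSH ACCEPT
# rule is restricted to the one expected source (Firestarter's normal state).
ssh_policy_ok() {
    expected="$1"
    dump="$(cat)"
    printf '%s\n' "$dump" | grep -q '^:INPUT DROP' || return 1
    printf '%s\n' "$dump" | ssh_accept_sources | grep -q . || return 1
    printf '%s\n' "$dump" | ssh_accept_sources | grep -qv "^$expected\$" && return 1
    return 0
}

# Constructed sample: the restricted ruleset while Firestarter is active.
RESTRICTED='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 192.0.2.10/32 -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'

# Constructed sample: the "promiscuous" state after a reboot with no rules.
OPEN='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

# Constructed sample: DROP policy, but port 22 opened to every source.
ANYSRC='*filter
:INPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'

# Live check on the desktop (needs root): iptables-save | ssh_policy_ok 192.0.2.10/32
```

Running the live check right after a reboot and again after starting Firestarter shows whether the rules are really being loaded at boot.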