
change in behavior of iptables with respect to firestarter



I'm running Firestarter 1.0.3 on Debian testing (both systems involved in this message).

A number of months ago I was in a situation where I wanted to establish an SSH connection from my notebook to a desktop system. Because the network on which this desktop system resides is less well controlled than I'd like, I used Firestarter to configure the iptables to allow connections on port 22 only from one specific IP address, the one assigned to the notebook.

At that time, no system with any other IP address could connect to the desktop. (I tested it.) Now that I need to use the notebook again at this location and want to use the systems in the same way again I find that I can connect to that desktop from ANY IP address on the network. When I look at the policy page in Firestarter on the desktop I see that only the one IP address assigned to the notebook is supposed to be allowed to connect on port 22. (There are no other exceptions.)

If I manually start Firestarter on the desktop, then I can only connect to it from the specified IP address. After I reboot the desktop I can once again connect to the desktop from any IP address, given that I use the correct user name and password, of course.

I checked the other way around by trying to connect to the notebook from the desktop. The notebook is "promiscuous", too -- unless I actually have started Firestarter during an operating session, I will be able to connect to the notebook from the desktop (as long as I have the correct user name and password) even though I have set the notebook to allow no connections whatsoever.

This is not how it used to work. A few months ago, regardless of whether or not I actually started the Firestarter interface during a session, the policy applied to iptables by Firestarter would hold for these systems through restarts.

Could someone help me, please? I tried searching the firestarter list's archive, and I tried to join their list and post this question, but the list's moderator hasn't got back to me. It appears that the rules I want in iptables are not in effect at all until I actually bring up the Firestarter user interface during a given session. Once I log off (restart not necessary) the rules are apparently reset to the default.

Regards,
Gilbert
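A quick way to audit the state the poster describes (rules present after starting Firestarter, gone again after a reboot) is to read the live filter table back with `iptables-save` and check it programmatically. The following is an added example, not part of the original post or of Firestarter; the two dumps are constructed samples, and 192.0.2.10 is a placeholder for the notebook's IP address.

```python
import re
import sys
from typing import Dict, List, Tuple

# Constructed sample dumps in iptables-save format, standing in for the output
# of `iptables-save -t filter` on the desktop. Not taken from the original post.
RULES_AFTER_FIRESTARTER = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.0.2.10/32 -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""

RULES_AFTER_REBOOT = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
"""


def parse_filter_table(dump: str) -> Tuple[Dict[str, str], List[str]]:
    """Return (chain policies, INPUT rule lines) from an iptables-save dump."""
    policies, rules = {}, []
    for line in dump.splitlines():
        if line.startswith(":"):                 # ":INPUT DROP [0:0]"
            chain, policy = line[1:].split()[:2]
            policies[chain] = policy
        elif line.startswith("-A INPUT "):
            rules.append(line)
    return policies, rules


def ssh_restricted_to(dump: str, allowed_ip: str) -> bool:
    """True only if TCP/22 is accepted solely from allowed_ip: INPUT must drop by
    default (policy DROP or a catch-all DROP/REJECT rule) and every ACCEPT for
    --dport 22 must carry that source. Checks the single-port --dport form."""
    policies, rules = parse_filter_table(dump)
    default_drop = policies.get("INPUT") == "DROP" or any(
        re.fullmatch(r"-A INPUT -j (DROP|REJECT)( .*)?", r) for r in rules)
    if not default_drop or "-A INPUT -j ACCEPT" in rules:
        return False                             # default-accept: port 22 rule is moot
    saw_allowed = False
    for r in rules:
        if not re.search(r"--dport 22(\s|$)", r) or "-j ACCEPT" not in r:
            continue
        m = re.search(r"-s (\S+)", r)
        if m is None or m.group(1).split("/")[0] != allowed_ip:
            return False                         # port 22 open to a broader source
        saw_allowed = True
    return saw_allowed


if __name__ == "__main__":                       # usage: iptables-save -t filter | python3 check.py 192.0.2.10
    print(ssh_restricted_to(sys.stdin.read(), sys.argv[1]))
```

Running it once after starting Firestarter and once after a reboot shows directly whether the policy survived the restart or fell back to the default-accept table.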