
Re: change in behavior of iptables with respect to firestarter



On 10/27/2010 07:23 PM, Rob Owens wrote:

I'm inclined to call it a bug in firestarter, but to be sure, test it
out with Network Manager instead of wicd.  See if you have the same
problem.  I think you will, which will indicate the problem is with
firestarter (or possibly with the way you configured firestarter).

-Rob

I did try purging firestarter, re-installing it, and starting over with an extremely simple configuration (just basic deny all incoming but without ICMP filtering). It still wouldn't come up on a system configured to work with wicd managing multiple fixed IP addresses.

The funny thing is that I have been using firestarter because it was "easy". I also tried gufw as an alternative because it was "easy".

With firestarter I could configure the firewall the way I wanted it to work (accepting only ssh connections from particular IP addresses), but it wouldn't start reliably.

Gufw was totally reliable in my testing, but didn't offer anything like the flexibility of firestarter in configuration of the firewall.

So I just tried using ufw. As far as I'm concerned, it's easier to understand its man pages and use it from the CLI than it is to use the gufw front end. So, I'm happy.

I guess I didn't need no stinkin' GUI.

;-)

Firestarter is pretty impressive, but it's history for me in my particular circumstances. It looks to me as though they may have compromised their reliability (at least for admittedly somewhat odd cases like mine -- I realize that most people who move among multiple networks these days are using DHCP) by trying to provide access to so many advanced features through the GUI. I guess it requires a lot of conditionals testing before bringing up the firewall, and it's pretty hard to predict all the possibilities.

If I get time this weekend, I'll do as you suggest by setting up a system with Network Manager and Firestarter just to see if I can confirm that the issue lies with Firestarter. If I do so, it will only be in the hope that I just might be able to provide helpful feedback to the developers.

I only used firestarter (and then gufw) because I didn't want to get into using iptables for controlling netfilter, but the discovery of ufw has given me a much easier and more satisfying solution -- even though having an "Ubuntu" firewall in Debian seems a little heretical. (I was surprised to see it in the repositories. I kind of hope the Debian folks don't decide to drop it.)

Thank you very, very much for your consideration, Rob. I know I've been a pest. I'll stop arising from the grave on this one now.

Regards,
Gilbert

