LinuxQuestions.org


klarsin 01-26-2007 01:12 PM

Firewalls
 
I downloaded a security suite via Automatix which included 'Firestarter' firewall. My question is: Why do I need a firewall when my computer already has one? Does the likes of FS include additional features such as blocking outgoing and incoming unwanted specific activity i.e. spyware?

MensaWater 01-26-2007 01:34 PM

"already has one". You mean you have a separate firewall/router device or that you have something like iptables running on the system itself?

The answer if the former is that the firewall/router protects things only to that point. All systems on the other side (e.g. internal to you or your organization) are unprotected. Having the latter protects the system itself from other internal systems. A couple of reasons to have the latter even if you have the former:
1) A good portion of hacking especially for destructive purposes is done by disgruntled employees.
2) Even for home use it helps if someone has hacked one of your systems they don't automatically get access to all the others. They have to work out what you've left open etc...

In security it's all about "hardening the target". The harder it is to get to a given system the more likely it is they'll go try hacking elsewhere.

If you already have something like iptables running you probably don't need another firewall product on the same system. You mentioned it was a "security suite". It would be silly indeed if a security suite didn't include a basic firewall package. You probably can use the other components without using firestarter.

IBall 01-26-2007 07:35 PM

Firestarter is just a GUI configuration tool for IPTables. It lets you create an IPTables firewall without knowing IPTables commands.

While all Linux systems have IPTables built in, many don't configure it by default. (I don't know why)

--Ian

klarsin 01-26-2007 10:20 PM

Quote:

Originally Posted by IBall
Firestarter is just a GUI configuration tool for IPTables. It lets you create an IPTables firewall without knowing IPTables commands.

While all Linux systems have IPTables built in, many don't configure it by default. (I don't know why)

--Ian

Using Ubuntu, so I guess it comes with IPTables. How do I know if it is configured to do an adequate job of protecting the system if I can't see it? Also, on Windows running two firewalls simultaneously confuses the system. Should I shut one off here on Ubuntu?

IBall 01-26-2007 10:41 PM

Try "sudo iptables -L" to see your firewall rules. Before you set anything up, each section of the output should be empty.

Like I said though, Firestarter is not a firewall. It is basically a config tool for IPTables.

--Ian

klarsin 01-27-2007 11:00 AM

Quote:

Originally Posted by IBall
Try "sudo iptables -L" to see your firewall rules. Before you set anything up, each section of the output should be empty.

Like I said though, Firestarter is not a firewall. It is basically a config tool for IPTables.

--Ian

OK, this explains things more clearly. The output is not empty, though. I'll have to bone up on all these settings to understand them more.

One last question. If I turn off the firewall in Firestarter then should I assume that the iptables are disabled leaving my computer with no active firewall?

b0uncer 01-27-2007 11:19 AM

Quote:

While all Linux systems have IPTables built in, many don't configure it by default. (I don't know why)

Because there is no one good setup that works for everyone; security is the job of an administrator, and if people don't want to configure an iptables firewall or don't know how to do it, it'd be an odd job to set up one that doesn't suit their configuration.

Code:

iptables -L

will tell you if the firewall has some rules. If you clear the firewall with Firestarter it effectively just removes (flushes) all iptables rules. After that the above list command should not give any rules. When you add some, the above command shows them.

With Firestarter you can create iptables rules and "save" them, and when you boot they are loaded -- you can choose whether Firestarter is used to load them to iptables, or iptables itself. The result is just the same, so it doesn't matter which one you use. Firestarter does not need to be run manually or be visible after rules are created, it's merely a tool to edit the rules. You can do the same job with the userspace command iptables, and reading the man page should give some kind of picture of how it's done; iptables.org tells more.

Code:

man iptables
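
An added example, not part of any post in this thread: a small shell script that reads `iptables -L -n` output and reports, per chain, the default policy and rule count, then says whether the INPUT chain is doing any filtering at all (it does not judge whether the rules are adequate). The function names `summarize_ruleset` and `firewall_state` are made up for this example, and both sample listings are constructed, with the FORWARD chain left out for brevity.

```shell
#!/bin/sh
# Print "<chain> <policy> <rule-count>" for each chain in `iptables -L -n`
# output read from stdin; user-defined chains have no policy and get "-".
summarize_ruleset() {
    awk '
        /^Chain / {
            chain = $2; policy = "-"
            if ($3 == "(policy") { policy = $4; sub(/\)$/, "", policy) }
            order[++n] = chain; pol[chain] = policy; cnt[chain] = 0
            next
        }
        /^target[ \t]/ || /^[ \t]*$/ { next }   # column header or blank line
        chain != "" { cnt[chain]++ }            # anything else is a rule
        END { for (i = 1; i <= n; i++) print order[i], pol[order[i]], cnt[order[i]] }
    '
}

# open: INPUT policy ACCEPT with no rules, so nothing is filtered inbound.
# filtering: INPUT has rules or a non-ACCEPT policy. unknown: no INPUT chain.
firewall_state() {
    summarize_ruleset | awk '
        $1 == "INPUT" { seen = 1; if ($2 == "ACCEPT" && $3 == 0) open = 1 }
        END { if (!seen) { print "unknown" } else { print (open ? "open" : "filtering") } }
    '
}

sample_empty() {   # constructed: what a flushed ruleset looks like
    cat <<'EOF'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
EOF
}
sample_rules() {   # constructed: default-deny inbound with two accept rules
    cat <<'EOF'
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
EOF
}
echo "flushed: $(sample_empty | firewall_state)"
echo "rules:   $(sample_rules | firewall_state)"
```

On a live system, feed it the real listing with `sudo iptables -L -n | firewall_state`.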

klarsin 01-28-2007 09:41 PM

Quote:

Originally Posted by b0uncer
Because there is no one good setup that works for everyone; security is the job of an administrator, and if people don't want to configure an iptables firewall or don't know how to do it, it'd be an odd job to set up one that doesn't suit their configuration.

Code:

iptables -L

will tell you if the firewall has some rules. If you clear the firewall with Firestarter it effectively just removes (flushes) all iptables rules. After that the above list command should not give any rules. When you add some, the above command shows them.

With Firestarter you can create iptables rules and "save" them, and when you boot they are loaded -- you can choose whether Firestarter is used to load them to iptables, or iptables itself. The result is just the same, so it doesn't matter which one you use. Firestarter does not need to be run manually or be visible after rules are created, it's merely a tool to edit the rules. You can do the same job with the userspace command iptables, and reading the man page should give some kind of picture of how it's done; iptables.org tells more.

Code:

man iptables

Very well explained...Now I get it!

Thanks for the input


All times are GMT -5.