Presumably you just want your firewall to start when you start the computer... in which case, add it to your startup programs (gnome) or to /etc/rc.local. But you are trying the other method in the firestarter docs...
Did you remember to edit sudoers with
sudo visudo -f /etc/sudoers
and the line should be:
[my user name] ALL=NOPASSWD: /usr/sbin/firestarter
(spot the extra space)
Last edited by Simon Bridge; 09-20-2007 at 11:42 PM..
Many people have a difficult time grasping the fact that once you have initialized Firestarter, and set up your rules, you no longer have to initialize the GUI unless you want to change a rule.
The rules you have set in place will be there when your system boots.
I understood that firestarter was a GUI for iptables ... I didn't know that installing firestarter also makes sure iptables runs on startup.
It is a wee bit puzzling that someone wants to be able to change the firewall rules unauthenticated. I'll have to hover around 'till OP leaves that machine unattended then swiftly change the rules to lock him out
I didn't know that installing firestarter also makes sure iptables runs on startup.
Well on Debian, iptables starts on boot by default. All Firestarter does is add new rules. I don't actually know whether that's the case on other distros.
After further thought: Actually, I guess I'm not even positive iptables starts by default. The first thing I always install is Firestarter, and I've never worried about it. On Debian, once Firestarter is installed and activated, the firewall is definitely activated upon boot.
I'm going to be installing a new system next week. Guess I'll check to see if iptables starts by default before I install Firestarter.
In Ubuntu the rules don't have to be applied at startup of the system. In my old setup (without router), the rules were only applied when I brought the pppo interface up.
But I am still worried. I've installed firestarter. But I am quite sure that it does not activate upon booting AND logging in. I have to start it manually every time I start my computer!
I know it does not activate, because I did an online port scan. After I switch on the firestarter manually and do the online port scan again, all the ports become stealth.
In my system, from hoary on up, the rules are not brought up until I say so. Has never appeared upon ppp0 or eth0 activating. Never found any default rules. How did you manage it?
Since you posted, I've been looking for hide or hair of a default Ubuntu firewall. I found ubuntu-firewall-cfg but not on my system.
No firewall by default.
There are threads around here someplace about how to bring the firewall up without a password with people trying stuff like cron and sudo hacks. This thread reminded me of them.
In the case of firestarter, I think I'd like to know how it starts iptables... if it does. The firestarter documentation kinda implies that it doesn't, but doesn't actually spell it out.
I wrote notes on this when I had Ubuntu (don't know where I found the information):
Go to System -> Preferences -> Sessions -> Startup Programs -> New
Type in Name: Firestarter
Type in Command: sudo firestarter --start-hidden
I have never added any triggers to start it, but during the boot process I see a message that the Firestarter firewall has been started, and after a fresh boot, ... # iptables -L -n includes the rules I have set up in Firestarter.
My primary firewall is the NAT one built into my router, but I have specifically left ports open thru it that I sometimes use; e.g. ports used by P2P programs. By default those ports are closed in Firestarter, and I only open them as necessary. I also have a Firestarter rule that all connections should be accepted from PCs behind my router.
One of the iptables rules enacted at boot (without ever activating the Firestarter GUI) is ...
ACCEPT all -- 192.168.123.0/24 0.0.0.0/0
In my system, from hoary on up, the rules are not brought up until I say so. Has never appeared upon ppp0 or eth0 activating. Never found any default rules. How did you manage it?
Since you posted, I've been looking for hide or hair of a default Ubuntu firewall. I found ubuntu-firewall-cfg but not on my system.
It is (or was) a question that is asked when you setup either pppoe or firestarter.
If you search the /etc directory and its subdirectories for iptables, you should be able to find out how iptables are configured and started.
At this moment my Ubuntu system is down due to renovation of our kitchen, so no chance of checking.
For the record, on Debian, the base setup starts iptables with all ports open. When Firestarter is installed and initialized, without asking any permission, it starts up on every reboot with a "reasonable" set of rules including those specifically entered by you.
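Added example (not from any poster in this thread): a check for the question the thread keeps returning to, whether a ruleset is actually loaded after a fresh boot. It classifies `iptables -L -n` output; the function name `fw_state` and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify `iptables -L -n` output read from stdin.
#   open          INPUT policy is ACCEPT and the chain holds no rules
#   rules-loaded  INPUT has a non-ACCEPT policy or at least one rule
#   unknown       no INPUT chain found in the input
# "rules-loaded" only means a ruleset is present, not that it is a good one.
fw_state() {
    awk '
        /^Chain / {
            chain = $2
            if (chain == "INPUT") { policy = $4; sub(/\).*/, "", policy) }
            next
        }
        /^target/ || /^[ \t]*$/ { next }      # column header and blank lines
        chain == "INPUT" { rules++ }
        END {
            if (policy == "")                          print "unknown"
            else if (policy == "ACCEPT" && rules == 0) print "open"
            else                                       print "rules-loaded"
        }'
}

# Constructed sample: a fresh install with nothing loaded.
SAMPLE_OPEN='Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination'

# Constructed sample: a DROP policy plus the LAN rule quoted in the thread.
SAMPLE_RULES='Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  192.168.123.0/24     0.0.0.0/0

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination'

printf 'fresh install : %s\n' "$(printf '%s\n' "$SAMPLE_OPEN" | fw_state)"
printf 'after ruleset : %s\n' "$(printf '%s\n' "$SAMPLE_RULES" | fw_state)"
# On a live system, as root:  iptables -L -n | fw_state
```

Run it right after boot, before opening the Firestarter GUI, so the result reflects what the boot scripts loaded rather than what the GUI applied.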