LinuxQuestions.org
Old 09-20-2007, 03:07 AM   #1
lawrence_lee_lee
Member
 
Registered: May 2007
Posts: 141

Problems with firestarter firewall


When I start firestarter by,

sudo /usr/sbin/firestarter

Everything is fine, and the graphic interface came up. However, after I edited the "sudoers" file by appending the following:

[my user name] ALL=NOPASSWD:/usr/sbin/firestarter

I started firestarter again. This time it gave me the following error message,

Xlib: connection to ":0.0" refused by server
Xlib: No protocol specified
(firestarter:6236): Gtk-WARNING **: cannot open display:

What's going on?
 
Old 09-20-2007, 10:40 PM   #2
Simon Bridge
Guru
 
Registered: Oct 2003
Location: Waiheke NZ
Distribution: Ubuntu
Posts: 9,211

Presumably you just want your firewall to start when you start the computer... in which case, add it to your startup programs (gnome) or to /etc/rc.local. But you are trying the other method in the firestarter docs...

did you remember to edit sudoers with

sudo visudo -f /etc/sudoers

and the line should be:

[my user name] ALL=NOPASSWD: /usr/sbin/firestarter

(spot the extra space)

Last edited by Simon Bridge; 09-20-2007 at 10:42 PM.
 
Old 09-20-2007, 11:06 PM   #3
rickh
Senior Member
 
Registered: May 2004
Location: Albuquerque, NM USA
Distribution: Debian-Lenny/Sid 32/64 Desktop: Generic AMD64-EVGA 680i Laptop: Generic Intel SIS-AC97
Posts: 4,250

Nothing to do with sudo, but...

Many people have a difficult time grasping the fact that once you have initialized Firestarter, and set up your rules, you no longer have to initialize the GUI unless you want to change a rule.

The rules you have set in place will be there when your system boots.
 
Old 09-20-2007, 11:31 PM   #4
Simon Bridge
Guru
 
Registered: Oct 2003
Location: Waiheke NZ
Distribution: Ubuntu
Posts: 9,211

I understood that firestarter was a GUI for iptables ... I didn't know that installing firestarter also makes sure iptables runs on startup.

It is a wee bit puzzling that someone wants to be able to change the firewall rules unauthenticated. I'll have to hover around 'till OP leaves that machine unattended then swiftly change the rules to lock him out
 
Old 09-20-2007, 11:40 PM   #5
rickh
Senior Member
 
Registered: May 2004
Location: Albuquerque, NM USA
Distribution: Debian-Lenny/Sid 32/64 Desktop: Generic AMD64-EVGA 680i Laptop: Generic Intel SIS-AC97
Posts: 4,250

Quote:
I didn't know that installing firestarter also makes sure iptables runs on startup.
Well on Debian, iptables starts on boot by default. All Firestarter does is add new rules. I don't actually know whether that's the case on other distros.

After further thought: Actually, I guess I'm not even positive iptables starts by default. The first thing I always install is Firestarter, and I've never worried about it. On Debian, once Firestarter is installed and activated, the firewall is definitely activated upon boot.

I'm going to be installing a new system next week. Guess I'll check to see if iptables starts by default before I install Firestarter.

Last edited by rickh; 09-20-2007 at 11:44 PM.
 
Old 09-21-2007, 12:34 AM   #6
Wim Sturkenboom
Senior Member
 
Registered: Jan 2005
Location: Roodepoort, South Africa
Distribution: Slackware 10.1/10.2/12, Ubuntu 12.04, Crunchbang Statler
Posts: 3,786

In Ubuntu the rules don't have to be applied at startup of the system. In my old setup (without router), the rules were only applied when I brought the pppo interface up.
 
Old 09-21-2007, 02:27 AM   #7
lawrence_lee_lee
Member
 
Registered: May 2007
Posts: 141

Original Poster
Thanks everyone so much!

But I am still worried. I've installed firestarter. But I am quite sure that it does not activate upon booting AND logging in. I have to start it manually every time I start my computer!

I know it does not activate, because I did an online port scan. After I switch on the firestarter manually and do the online port scan again, all the ports become stealth.

What should I do??
 
Old 09-21-2007, 02:33 AM   #8
Simon Bridge
Guru
 
Registered: Oct 2003
Location: Waiheke NZ
Distribution: Ubuntu
Posts: 9,211

In my system, from hoary on up, the rules are not brought up until I say so. Has never appeared upon ppp0 or eth0 activating. Never found any default rules. How did you manage it?

Since you posted, I've been looking for hide or hair of a default Ubuntu firewall. I found ubuntu-firewall-cfg but not on my system.

No firewall by default.

There are threads around here someplace about how to bring the firewall up without a password with people trying stuff like cron and sudo hacks. This thread reminded me of them.

In the case of firestarter, I think I'd like to know how it starts iptables... if it does. The firestarter documentation kinda implies that it doesn't, but doesn't actually spell it out.
 
Old 09-21-2007, 04:48 AM   #9
brianL
LQ 5k Club
 
Registered: Jan 2006
Location: Oldham, Lancs, England
Distribution: Slackware & Slackware64 14.1
Posts: 7,030
Blog Entries: 52

I wrote notes on this when I had Ubuntu (don't know where I found the information):
Go to System -> Preferences -> Sessions -> Startup Programs -> New
Type in Name: Firestarter
Type in Command: sudo firestarter --start-hidden
 
Old 09-21-2007, 05:15 AM   #10
Simon Bridge
Guru
 
Registered: Oct 2003
Location: Waiheke NZ
Distribution: Ubuntu
Posts: 9,211

brianL is correct - for gnome. You can also add the command

firestarter --start-hidden

at the end of /etc/rc.local

you can see if the firewall is active by examining the output of:

iptables -L

... if it has a load of policy ACCEPT and no conditions, the firewall is not up.
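
The check described in the post above, as an added example that is not part of the original thread: a shell function that reads `iptables -L -n` output and reports whether it is only ACCEPT policies with no rules. The function name `firewall_state` and both sample listings are constructed for illustration.

```shell
# Classify `iptables -L -n` output read from stdin:
#   open      - every built-in chain has policy ACCEPT and no chain has rules
#   filtering - at least one rule, or a non-ACCEPT policy, is present
#   unknown   - no "Chain" lines were seen (empty input or a failed command)
firewall_state() {
    awk '
        /^Chain / {
            chains++
            # Built-in chains print "(policy X)"; user chains print "(N references)".
            if ($3 == "(policy") {
                policy = $4
                sub(/\)$/, "", policy)
                if (policy != "ACCEPT") restrictive++
            }
            next
        }
        /^target[ \t]/ || /^[ \t]*$/ { next }   # column header or blank line
        { rules++ }                              # anything else is a rule
        END {
            if (chains == 0) print "unknown"
            else if (rules == 0 && restrictive == 0) print "open"
            else print "filtering"
        }
    '
}

# Constructed sample: no firewall loaded.
SAMPLE_OPEN='Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination'

# Constructed sample: restrictive policies plus the LAN rule quoted later in the thread.
SAMPLE_RULES='Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  192.168.123.0/24     0.0.0.0/0

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination'

printf '%s\n' "$SAMPLE_OPEN"  | firewall_state
printf '%s\n' "$SAMPLE_RULES" | firewall_state
```

On a live system, `sudo iptables -L -n | firewall_state` run right after a fresh boot shows whether the rules were loaded without anyone starting the GUI.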
 
Old 09-21-2007, 07:18 AM   #11
rickh
Senior Member
 
Registered: May 2004
Location: Albuquerque, NM USA
Distribution: Debian-Lenny/Sid 32/64 Desktop: Generic AMD64-EVGA 680i Laptop: Generic Intel SIS-AC97
Posts: 4,250

I have never added any triggers to start it, but during the boot process I see a message that the Firestarter firewall has been started, and after a fresh boot, ... # iptables -L -n includes the rules I have set up in Firestarter.

My primary firewall is the NAT one built into my router, but I have specifically left ports open thru it that I sometimes use; e.g. ports used by P2P programs. By default those ports are closed in Firestarter, and I only open them as necessary. I also have a Firestarter rule that all connections should be accepted from PCs behind my router.

One of the iptables rules enacted at boot (without ever activating the Firestarter GUI) is ...
ACCEPT all -- 192.168.123.0/24 0.0.0.0/0
 
Old 09-23-2007, 08:19 AM   #12
Wim Sturkenboom
Senior Member
 
Registered: Jan 2005
Location: Roodepoort, South Africa
Distribution: Slackware 10.1/10.2/12, Ubuntu 12.04, Crunchbang Statler
Posts: 3,786

Quote:
Originally Posted by Simon Bridge
In my system, from hoary on up, the rules are not brought up until I say so. Has never appeared upon ppp0 or eth0 activating. Never found any default rules. How did you manage it?

Since you posted, I've been looking for hide or hair of a default Ubuntu firewall. I found ubuntu-firewall-cfg but not on my system.
It is (or was) a question that is asked when you set up either pppoe or firestarter.
If you search the /etc directory and its subdirectories for iptables, you should be able to find out how iptables are configured and started.

At this moment my Ubuntu system is down due to renovation of our kitchen, so no chance of checking.
 
Old 09-24-2007, 02:10 AM   #13
lawrence_lee_lee
Member
 
Registered: May 2007
Posts: 141

Original Poster
Thanks everyone so much! I've finally made it! The firewall can now automatically start upon booting! Thanks!
 
Old 09-24-2007, 02:20 AM   #14
Simon Bridge
Guru
 
Registered: Oct 2003
Location: Waiheke NZ
Distribution: Ubuntu
Posts: 9,211

Quote:
It is (or was) a question that is asked when you set up either pppoe or Firestarter.
Fair enough - having not set up either.

At least OP is happy. Well done.
 
Old 09-28-2007, 10:36 PM   #15
rickh
Senior Member
 
Registered: May 2004
Location: Albuquerque, NM USA
Distribution: Debian-Lenny/Sid 32/64 Desktop: Generic AMD64-EVGA 680i Laptop: Generic Intel SIS-AC97
Posts: 4,250

For the record, on Debian, the base setup starts iptables with all ports open. When Firestarter is installed and initialized, without asking any permission, it starts up on every reboot with a "reasonable" set of rules including those specifically entered by you.
 
  

