LinuxQuestions.org


Doug Vitale 10-08-2007 01:06 PM

How to Open a Port in IPtables
 
I am running Kubuntu 7.04. The Firestarter program tells me that the firewall is active (I assume it is referring to iptables).

I'd like to open the ports necessary to fully utilize P2P file sharing applications like Limewire and Azureus. I want others to download from my share.

So how would I permanently open a certain port in iptables? I don't see an option in Firestarter to do this. I also have Guarddog installed as well (though it tells me "Guarddog was unable to find a Guarddog firewall at /etc/rc.firewall").

Thanks.

b0uncer 10-08-2007 02:05 PM

Not sure what Guarddog does, if it's a front-end for iptables like Firestarter is, but anyway. An empty iptables ruleset (both policies and rules) is like not using iptables at all. To have a port closed at all, you either need to specify a policy that drops every connection that matches the chain you wanted, or a special rule to do that. So, if you feel the port(s) are closed, you either need to remove the rule that closes the port(s), create a new rule to allow using those ports (or modify an existing rule, so you don't have overlapping rules) or change policy. To make a decision, you need to know the current configuration: as root, run
Code:

/sbin/iptables -L
and it's shown to you.

So if you use firestarter, add a new rule that ACCEPTs incoming traffic to the port(s) you want, or use iptables (read 'man iptables' for that; it's really easy once you get it).

Doug Vitale 10-08-2007 08:51 PM

Quote:

Originally Posted by b0uncer (Post 2917457)
To make a decision, you need to know the current configuration: as root, run
Code:

/sbin/iptables -L
and it's shown to you.

I ran that command and this is the output; do you have any idea what it means?

Code:

Chain INPUT (policy ACCEPT)
target    prot opt source              destination

Chain FORWARD (policy ACCEPT)
target    prot opt source              destination

Chain OUTPUT (policy ACCEPT)
target    prot opt source              destination

Quote:

So if you use firestarter, add a new rule that ACCEPTs incoming traffic to the port(s) you want, or use iptables (read 'man iptables' for that; it's really easy once you get it).
In Firestarter, under Policy I go to "Add Rule" and it tells me to fill in a field that's labeled "IP address, host, or network". Do you know how I can just specify traffic to be permitted (from any source address) using a certain port number? For instance, Limewire has port 42042. Thanks a lot!

salasi 10-09-2007 04:28 AM

Quote:

Originally Posted by Go2doug (Post 2917861)
I ran that command and this is the output; do you have any idea what it means?

Code:

Chain INPUT (policy ACCEPT)
target    prot opt source              destination

Chain FORWARD (policy ACCEPT)
target    prot opt source              destination

Chain OUTPUT (policy ACCEPT)
target    prot opt source              destination

In Firestarter, under Policy I go to "Add Rule" and it tells me to fill in a field that's labeled "IP address, host, or network". Do you know how I can just specify traffic to be permitted (from any source address) using a certain port number? For instance, Limewire has port 42042. Thanks a lot!

Errm, what it means is that, although you nominally have the firewall active, it is permitting everything.

In other words, you are getting the same protection from the firewall as if you had no firewall running. That is none.

What you ought to have (ideally) are chains which have a policy (default set of actions) of drop and a list of specific things that you allow. You could proceed by trying to create default policies of 'accept' and denying specific things, but that's more difficult to make secure (particularly as new threats arise).

Any of the 'Linux Firewalls' programs aren't really that at all; they are simplified interfaces to the underlying Iptables/Netfilter system. What this means is that you should only use one. Having another on your disk isn't bad, but be careful to only try to use one at once, otherwise the situation could get confused.

There are iptables tutorials on the web (...google! the one on frozentux is very complete, but you probably want something simpler like the one on yolinux), but if you have decided to use firestarter have a look to see if there are any examples using it, say, on its website or elsewhere. (I'd be very surprised if an 'easy' Iptables interface didn't provide some examples or a tutorial somewhere as part of the support that is provided.)

Doug Vitale 10-14-2007 09:14 PM

Okay, so if I use Firestarter to configure iptables, what are some general policies or rules I can enable for basic protection?
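As an added example (not code from anyone in this thread), here is a small POSIX shell script that does what salasi describes and answers the last question above: INPUT and FORWARD default to DROP, with explicit ACCEPT rules for loopback, established connections, and TCP plus UDP 42042 for Limewire. It assumes iptables lives at /sbin/iptables and that the 'state' match is available; without APPLY=1 in the environment it only prints the commands it would run.

```shell
#!/bin/sh
# Added example, not from the thread: default-deny INPUT/FORWARD with explicit
# ACCEPT rules, plus tcp+udp 42042 for Limewire. Assumes /sbin/iptables and the
# 'state' match. Without APPLY=1 the commands are only printed (dry run).
IPT="${IPT:-/sbin/iptables}"

run() {
    if [ -n "${APPLY:-}" ]; then
        "$IPT" "$@"
    else
        printf '%s %s\n' "$IPT" "$*"
    fi
}

# Start from an empty INPUT chain, keep loopback and replies to our own
# connections. Policies stay ACCEPT until the allow rules are in place.
baseline() {
    run -F INPUT
    run -P OUTPUT ACCEPT
    run -A INPUT -i lo -j ACCEPT
    run -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Open one inbound port from any source; P2P clients use both tcp and udp.
allow_port() {
    run -A INPUT -p tcp --dport "$1" -j ACCEPT
    run -A INPUT -p udp --dport "$1" -j ACCEPT
}

# Switch to default DROP last: setting it before the allow rules exist would
# drop everything, including a remote admin session.
lockdown() {
    run -P INPUT DROP
    run -P FORWARD DROP
}

# Self-check helper: number of ACCEPT rules emitted for a port (expect 2).
count_accepts() {
    allow_port "$1" | grep -c -- "--dport $1 -j ACCEPT"
}

main() {
    baseline
    for p in "$@"; do allow_port "$p"; done
    lockdown
    run -L -n            # inspect the result, as the thread did with -L
}
[ $# -eq 0 ] && set -- 42042    # default to the Limewire port from the thread
main "$@"
```

Run it once without APPLY to read the commands, then `APPLY=1 sh firewall.sh 42042` as root to apply them; `/sbin/iptables -L -n` afterwards should show policy DROP on INPUT with the ACCEPT lines listed.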

