Quote:
|
When you try to start in kde as user you get an error. If I kdesu firestarter it runs ok.
|
This is because regular users should not be able to alter firewall/etc configuration, for obvious reasons. It's the job of a system administrator.
You need to understand some things, after which this problem doesn't sound a problem at all anymore. Firestarter is not a firewall. It is merely a graphical front-end, a nice window-formed tool that allows you to control a program called
iptables in a more convenient way, and
iptables (user-space program) then controls the actual iptables which is in your Linux kernel, and does the real job. Therefore Firestarter does not need to show up on your desktop, not necessarily even run every boot if you configure a few things. The thing Firestarter is for is
creating a configuration for iptables. After that Firestarter is probably loaded during boot, it pushes this config you created to iptables which then takes it in use. Another way would be to save the config into a file and use
iptables-restore or just a shell script to load it during boot. You don't even need Firestarter to have an iptables-based firewall, since you could just as well use
iptables from console; the easy way to handle bigger firewall/router/etc configurations would be to write a script that handles iptables; possibly then use
iptables-save to save that config into a slightly more iptables-looking file and use
iptables-restore to load that file during boot (because iptables rules are not written in kernel and thus need to be reloaded during boot by an initscript).
So, shortly:
- Firestarter is not a firewall, just a graphical tool to configure iptables rules
- Firestarter does not need to run all the time, you just run it once when you create config and then let it be, and it ought to load that config for you
- if you are curious if your configuration is loaded at boot, check out (note: as root)
and you should see your rules -- note: in iptables' "format".
I hope that cleared things up a bit. Quite a many newcomer think Firestarter (or any other alike) need to be run all the time, like ZoneAlarm on Windows for example, but that is not the case. iptables is usually enabled in the kernel, and controlling it happens trough iptables userspace program, which is usually installed by default. If you remove your Firestarter you still have a firewall, it's just that probably Firestarter is no longer "feeding" the rules to iptables during boot, and you need to create an own/add to an existing initscript which handles it; this is not difficult at all.
More information (that you should read): iptables.org
EDIT:
Quote:
You have to decide whether to let iptables startup script
or firestarter to control your firewall, using chkconfig.
|
This is just what I meant: your firewall rules are saved into a file on your harddisk, by Firestarter if you use it, and then somebody just needs to "load" them when your machine boots. There exists an initscript of iptables' in your system that can do it, or then Firestarter can do it as well (I just wonder why, but I guess for nice working). It's just no use to have them both do it. That's why you have to decide if you want Firestarter, or iptables' initscript, do it. They make no difference, both just load the same rules to iptables. It is not a bug, it is the way the program works.
or something else.
