Old 05-02-2011, 04:47 AM   #1
clifford227
Member
 
Registered: Dec 2009
Distribution: Slackware 14
Posts: 282

Rep: Reputation: 64
Firestarter good basic firewall?


Hello,

I was just wondering if anyone uses 'Firestarter' firewall, and what you think of it?
 
Old 05-02-2011, 04:53 AM   #2
k3lt01
Senior Member
 
Registered: Feb 2011
Location: Australia
Distribution: Debian Wheezy, Jessie, Sid/Experimental, playing with LFS.
Posts: 2,900

Rep: Reputation: 637
Hi Clifford.

Some people probably do but I don't and haven't for years as it is, as far as I am aware, no longer actively supported. To me it is important that things like firewalls are supported so they can remain a viable method of protection. The project's home page suggests the project hasn't been worked on since 2007.
 
1 members found this post helpful.
Old 05-02-2011, 09:16 PM   #3
frankbell
LQ Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Ubuntu MATE, Mageia, and whatever VMs I happen to be playing with
Posts: 19,324
Blog Entries: 28

Rep: Reputation: 6142
Firestarter works just fine.

I have to disagree with k3lt01. A firewall is not like an anti-virus program. It doesn't need to be constantly updated for new threats. It needs to control ports and traffic.

An rc.firewall script does not have to be updated once it is configured. It just works until you have to change it (say, to open up a new port for a different service).

Either way, iptables is doing the work. The typical Linux "firewall program" is just a frontend for iptables.
 
2 members found this post helpful.
Old 05-02-2011, 10:27 PM   #4
k3lt01
Senior Member
 
Registered: Feb 2011
Location: Australia
Distribution: Debian Wheezy, Jessie, Sid/Experimental, playing with LFS.
Posts: 2,900

Rep: Reputation: 637
Quote:
Originally Posted by frankbell View Post
Firestarter works just fine.

I have to disagree with k3lt01. A firewall is not like an anti-virus program. It doesn't need to be constantly updated for new threats. It needs to control ports and traffic.

An rc.firewall script does not have to be updated once it is configured. It just works until you have to change it (say, to open up a new port for a different service).

Either way, iptables is doing the work. The typical Linux "firewall program" is just a frontend for iptables.
If the front end has security flaws in it I'd like to know quickly; that is why I believe it needs continuous support. Having said that, it is probably easier to learn iptables and set it up for the situation it is being used for.
 
0 members found this post helpful.
Old 05-03-2011, 02:21 PM   #5
salasi
Senior Member
 
Registered: Jul 2007
Location: Directly above centre of the earth, UK
Distribution: SuSE, plus some hopping
Posts: 4,070

Rep: Reputation: 897
Quote:
Originally Posted by k3lt01 View Post
If the front end has security flaws in it I'd like to know quickly...
Well, you would, but it is hard for this to happen; if the underlying iptables/netfilter is kept up-to-date, then the front end only has to write out a sensible set of iptables rules. And anyway, you would want to look through the set of rules that it writes, if only for education, wouldn't you?
 
2 members found this post helpful.
Old 05-03-2011, 07:56 PM   #6
k3lt01
Senior Member
 
Registered: Feb 2011
Location: Australia
Distribution: Debian Wheezy, Jessie, Sid/Experimental, playing with LFS.
Posts: 2,900

Rep: Reputation: 637
Quote:
Originally Posted by salasi View Post
Well, you would, but it is hard for this to happen; if the underlying iptables/netfilter is kept up-to-date, then the front end only has to write out a sensible set of iptables rules. And anyway, you would want to look through the set of rules that it writes, if only for education, wouldn't you?
If you look at the history of Firestarter they had to keep updating it for a reason.
 
Old 05-03-2011, 08:12 PM   #7
frankbell
LQ Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Ubuntu MATE, Mageia, and whatever VMs I happen to be playing with
Posts: 19,324
Blog Entries: 28

Rep: Reputation: 6142
Maybe they finally got it right? (grin)

All I can say is that I haven't had any problems. I've used Firestarter when it was easily available (as with Gnome distributions) and an rc.firewall script when it wasn't (Slackware, where getting FS working was dependency hell when Pat dropped Gnome). I haven't noticed any particular difference, but, if I were compromised, I'd likely not know it.

Otherwise, I wouldn't be compromised.
 
2 members found this post helpful.
Old 05-08-2011, 11:15 PM   #8
mikeb380
LQ Newbie
 
Registered: Apr 2011
Location: SC
Distribution: ubuntu 10.10 trying 11.04 & kbuntu 10.10
Posts: 25

Rep: Reputation: 1
Quote:
Originally Posted by frankbell View Post
Maybe they finally got it right? (grin)

All I can say is that I haven't had any problems. I've used Firestarter when it was easily available (as with Gnome distributions) and an rc.firewall script when it wasn't (Slackware, where getting FS working was dependency hell when Pat dropped Gnome). I haven't noticed any particular difference, but, if I were compromised, I'd likely not know it.

Otherwise, I wouldn't be compromised.
I have been using firestarter for three days, started on the 6th. In the last two days there appear to have been about 30 (I didn't count, just estimated) attempts to break in. The break-ins seem to be to the same IP, 75.182.32.244, & have varied from TCP to UDP to ICMP protocol and have been unknown, SSH, DHCP, HTTP service. The source was different on each of them. Most of them were on the 7th. I don't know what this means, but assume I am being protected. No? I'm a newbie with Linux but used a firewall in Win XP, I'd have been a fool not to do so. As far as I can remember, I never got an update on the firewall in the ten or so years I ran one, although I got daily ones on my AVG antivirus. Anyway, that's my input for what it's worth.
Does this help anyone?
Michael
 
Old 05-08-2011, 11:33 PM   #9
Wim Sturkenboom
Senior Member
 
Registered: Jan 2005
Location: Roodepoort, South Africa
Distribution: Ubuntu 12.04, Antix19.3
Posts: 3,794

Rep: Reputation: 282
As implied in other posts above, firestarter is not the actual firewall. It basically helps to create (automagically) a set of rules for iptables. Worked well for me.
 
1 members found this post helpful.
Old 05-10-2011, 02:27 AM   #10
salasi
Senior Member
 
Registered: Jul 2007
Location: Directly above centre of the earth, UK
Distribution: SuSE, plus some hopping
Posts: 4,070

Rep: Reputation: 897
Quote:
Originally Posted by mikeb380 View Post
I have been using firestarter for three days, started on the 6th. In the last two days there appear to have been about 30 (I didn't count, just estimated) attempts to break in. The break-ins seem to be to the same IP, 75.182.32.244, & have varied from TCP to UDP to ICMP protocol and have been unknown, SSH, DHCP, HTTP service. The source was different on each of them. Most of them were on the 7th. I don't know what this means, but assume I am being protected.
This is 'thread drift', but it is an important point; it is not safe to assume that you are protected just because you have a firewall. If you have defined a ruleset that has blocked these ports, then these ports are 'safe' from this attack; if you have a ruleset that doesn't block these ports, then the firewall isn't doing anything to protect you, and these ports are no safer than they were without the firewall. *

Note that if the firewall doesn't do anything to block off a particular port, you are down to whatever protection you have from other means. To take ssh as a frequently-attacked example, if you are using passwordless, a non-standard port and don't allow root logins (one possible combination out of several that could be plausible for offering protection...see here for more details) you are probably pretty safe. As, of course, you would be if nothing listened on the port that was attacked, although 'belt and braces' would be nicer.

If, however, you have ssh configured on the default port, it uses an ordinary (not massively strong) password, you allow root logins, and don't do frequent reviews of your logfiles then it is probably just a matter of time before someone gets in as root. They then 'pwn' your box.

(I don't know enough about 'all' distributions, but while 'the default' is probably not to enable ssh, if you do ask for ssh, 'the default' (on average, across the mass of distributions that are out there) is not to configure ssh in the most secure configuration. This is not ideal, but is the current reality.)

Note that this isn't a bug in the firewall program; you've got to decide what you want to do about, in this example, ssh. For many people, not using (and therefore not having it available) ssh is a good security measure; for others, ssh is a necessity, and therefore they have to choose what measures they think are adequate to make it safe. The firewall does not make these decisions for you.

(* I've taken the liberty of slightly oversimplifying the situation, here. Oversimplifications are dangerous, especially in security, but the point is largely correct. However, in the case that you are using something like denyhosts or fail2ban, you might have protection from 'blacklisting' persistent offenders without blocking off a specific port that is under attack. I get the impression that you would have mentioned it, if that is what you are doing, though.)

If you want to take this further (and it sounds like it might be a good idea, unless you know that you are already safe), it might be worthwhile to let it have its own thread, rather than hijacking someone else's thread for the purpose. This would make it more likely to get appropriate levels of attention.
 
1 members found this post helpful.
Old 05-10-2011, 02:31 AM   #11
salasi
Senior Member
 
Registered: Jul 2007
Location: Directly above centre of the earth, UK
Distribution: SuSE, plus some hopping
Posts: 4,070

Rep: Reputation: 897
Quote:
Originally Posted by k3lt01 View Post
as far as I am aware, no longer actively supported. To me it is important that things like firewalls are supported so they can remain a viable method of protection. The project's home page suggests the project hasn't been worked on since 2007.
Looking at the site, it looks as if the documentation had an update of some kind late in 2010, so it looks as if it still gets some level of attention, even if the program itself hasn't been updated for quite a while.
 
2 members found this post helpful.
Old 05-10-2011, 11:34 PM   #12
mikeb380
LQ Newbie
 
Registered: Apr 2011
Location: SC
Distribution: ubuntu 10.10 trying 11.04 & kbuntu 10.10
Posts: 25

Rep: Reputation: 1
Quote:
This is 'thread drift', but it is an important point; it is not safe to assume that you are protected just because you have a firewall. If you have defined a ruleset that has blocked these ports, then these ports are 'safe' from this attack; if you have a ruleset that doesn't block these ports, then the firewall isn't doing anything to protect you, and these ports are no safer than they were without the firewall. *
Salasi, I wasn't trying to change the thread, just pointing out that Firestarter seemed to be working for me. I realize I'm ignorant about firewalls, just happy no one is getting in my system. Once I have some more linux under my belt I'll try to learn more about firewalls. I installed Firestarter because an article I read suggested that a. you should have a firewall & b. Firestarter was a good choice. Don't remember who it was, but I thought it was someone with some expertise. Thanks for what you had to say.
Michael
 
Old 05-11-2011, 05:02 AM   #13
k3lt01
Senior Member
 
Registered: Feb 2011
Location: Australia
Distribution: Debian Wheezy, Jessie, Sid/Experimental, playing with LFS.
Posts: 2,900

Rep: Reputation: 637
I realise people don't like my opinion on this matter and that is fine by me. I do think however, and I know saying this will get me another black mark in this thread, if you are going to say my comment is unhelpful maybe you could enlighten me as to why it is so.

@mikeb380, if you are using firestarter with Ubuntu that's up to you but there are better options in gui front ends. You could try Gufw which is a gui for UFW which is Uncomplicated FireWall. It is supported, not just with documentation. Writing a new document is fine but documents are not the target of the criminal mind, getting access to the computer is, so the actual firewall, not the documentation to it, needs to be as spot on as possible.

Firestarter has not been changed since January 30 2005 (this information comes from its own homepage and sourceforge). I find it hard to believe that any program is that good that it needs no further changes in over 6 years.

Here are some links you may like to read

Firewall
Gufw 1
Gufw 2
Gufw 3
Firestarter Sourceforge look at the date for 1.03 and that was the last version they did.

Use whatever you wish to use, my recommendation will always be use what is actively supported and suits your system. Your security is important.
 
Old 05-11-2011, 09:22 AM   #14
salasi
Senior Member
 
Registered: Jul 2007
Location: Directly above centre of the earth, UK
Distribution: SuSE, plus some hopping
Posts: 4,070

Rep: Reputation: 897
Quote:
Originally Posted by mikeb380 View Post
Salasi, I wasn't trying to change the thread,
Uh, no. I thought that I was in danger of causing the thread to drift, but:
  • Some people have excessive expectations of what a firewall does, and are then gobsmacked when it doesn't meet their barely-thought-out expectations. I don't know if you are one of them, but there is a danger in thinking "I have a firewall, any config, and therefore I am safe."
  • In particular, Windows users often have odd expectations that a firewall will perform some non-firewall functions.
  • Whatever front end you use, it's just a graphical utility that some people find handy to create a set of firewall (in this case iptables/netfilter) rules. Some rulesets are more paranoid/protective than others.
  • If you know that there is a specific threat (and, apparently, you do), and you are relying on the firewall for protection from that threat, it behoves you to check that you are actually getting some protection from that threat.
  • You started this thread about Firestarter, and I was dragging it to the wider subject of 'Do I have protection, irrespective of what the particular front end is?'. If you were interested in this, either a change of title or a new thread might be appropriate.

Quote:
Originally Posted by mikeb380 View Post
...suggested that a. you should have a firewall & b. Firestarter was a good choice. Don't remember who it was, but I thought it was someone with some expertise.
I can't comment on b), but a) is correct. But that is not to say that every firewall is correctly configured, nor that it is doing what you expect.

Quote:
Originally Posted by mikeb380 View Post
Once I have some more linux under my belt I'll try to learn more about firewalls.
That is a worthwhile objective. I would argue that it is not as hard as people, generally, think and that everyone should know something about iptables.
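
The check salasi recommends in posts #5, #10 and #14 (read the rules the front end wrote and confirm they block the ports being probed), as an added example that is not part of any post in this thread: a small Python evaluator for `iptables-save` text. The sample ruleset, the interface name `eth0` and the function names are constructed for illustration; it models only the INPUT path with protocol, single destination port, input interface and connection-state matches, and answers `UNKNOWN` for anything else.

```python
import shlex

# Constructed sample in iptables-save format; not output captured from Firestarter.
SAMPLE = """*filter
:INPUT DROP [0:0]
:INBOUND - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j INBOUND
-A INBOUND -p tcp -m tcp --dport 80 -j ACCEPT
-A INBOUND -j LOG --log-prefix "Inbound "
COMMIT
"""
OPTS = {"-p": "proto", "--dport": "dport", "-i": "iface",
        "--state": "state", "--ctstate": "state", "-j": "target"}
TERMINAL, LOGGING = {"ACCEPT", "DROP", "REJECT"}, {"LOG", "ULOG", "NFLOG"}

def parse(text):
    """Return {chain: (policy, [rule, ...])} from iptables-save text."""
    chains = {}
    for line in text.splitlines():
        if line.startswith(":"):
            name, policy = line[1:].split()[:2]
            chains[name] = (policy, [])
        elif line.startswith("-A "):
            tok, rule = shlex.split(line), {"unsupported": False}
            for i in range(2, len(tok) - 1):
                if tok[i] in OPTS:
                    rule[OPTS[tok[i]]] = tok[i + 1]
                    if tok[i] == "-j":
                        break  # what follows are target options, not matches
                elif tok[i] != "-m" and tok[i].startswith(("-", "!")):
                    rule["unsupported"] = True  # a match this sketch cannot evaluate
            rule["unsupported"] |= not rule.get("dport", "0").isdigit()  # no port ranges
            chains.setdefault(tok[1], ("-", []))[1].append(rule)
    return chains

def matches(rule, pkt):
    fixed = all(rule.get(k) in (None, str(pkt.get(k))) for k in ("proto", "dport", "iface"))
    return fixed and ("state" not in rule or pkt["state"] in rule["state"].split(","))

def verdict(chains, pkt, chain="INPUT"):
    """First matching terminal rule decides; otherwise the chain policy applies."""
    policy, rules = chains.get(chain, ("-", []))
    for rule in rules:
        target = rule.get("target")
        if target in LOGGING:
            continue  # logging never decides a packet's fate
        if rule["unsupported"] or target not in TERMINAL | set(chains):
            return "UNKNOWN"  # refuse to guess rather than report a false "blocked"
        if matches(rule, pkt):
            result = target if target in TERMINAL else verdict(chains, pkt, target)
            if result != "RETURN":
                return result
    return policy if policy in TERMINAL else "RETURN"
```

Pass the text printed by `iptables-save` (run as root on the machine in question) to `parse`, then call `verdict` with a dict such as `{"proto": "tcp", "dport": 22, "iface": "eth0", "state": "NEW"}` for each port seen in the firewall's hit list. An `UNKNOWN` means a rule uses a match outside this sketch and has to be read by hand.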
 
  

