Affinity

Firestarter firewall for linux

22 posts in this topic

Firestarter

Has anyone used this firewall before? I'm looking to replace the default firewall on Fedora Core and that is the first thing that shows up in a google search. The other firewalls I saw on that same search didn't give me a good feeling, something about the layouts of the website made it seem second rate in my eyes. If anyone has ever used it before your opinions on how well it worked and how flexible it is would be appreciated.

0

Share this post


Link to post
Share on other sites

If you have a network of computers and want to protect them all, instead of running a firewall on each machine you could setup a single network firewall. This might be overkill for just one machine, but I personally like IPcop, it installs on a dedicated machine and works well, that might be a solution for you.

0

Share this post


Link to post
Share on other sites
Firestarter

Has anyone used this firewall before? I'm looking to replace the default firewall on Fedora Core and that is the first thing that shows up in a google search. The other firewalls I saw on that same search didn't give me a good feeling, something about the layouts of the website made it seem second rate in my eyes. If anyone has ever used it before your opinions on how well it worked and how flexible it is would be appreciated.

and what's wrong with the firewall in fedora core it's just a front end for iptables which is a soild firewall in my opinion although if you want a frontend for it other than the default one check out shorewall i believe it's called

0

Share this post


Link to post
Share on other sites

I've used firestarter before. It seemed to work pretty well. I didn't really mess with its settings too much, but there seemed to be custom configurable settings for a lot of things. It has a nice simple GUI too.

0

Share this post


Link to post
Share on other sites
If you have a network of computers and want to protect them all, instead of running a firewall on each machine you could setup a single network firewall. This might be overkill for just one machine, but I personally like IPcop, it installs on a dedicated machine and works well, that might be a solution for you.

I have a home network with my computer, and a few other's that belong to my mom and brothers but I'm only worried about my computer. After I finish my first semester I do want to buy a low end computer and install linux on it and have it act as a firewall for my whole network, but for now I just want a good firewall for my own computer.

Edit: Enigma, would you say the built in firewall works as well as others available? I'm used to having useless security as defaults from running Windows and don't know enough about the linux firewall to know if it's effective or not.

ironically, or conveniently i dunno, as soon as i made this topic i started listening to the KOPN Tech Talk to see if it was any good and the episode i downloaded just happened to be about firewalls and linux lol, looks like i will have a good amount of info on this tonight.

Edited by Affinity
0

Share this post


Link to post
Share on other sites

Just know that all these "firewall programs" for Linux are all frontends for iptables, the kernel IP filtering mechanism. Though some certainly offer features that others don't, none of them can truly do something the other cannot. They're all frontends to the same thing, so as long as you find one that has the features and interface that you want, it's just as good as any of the other ones.

0

Share this post


Link to post
Share on other sites

I echo what Ohm said.

FYI, this isn't a firewall.

0

Share this post


Link to post
Share on other sites
Just know that all these "firewall programs" for Linux are all frontends for iptables, the kernel IP filtering mechanism. Though some certainly offer features that others don't, none of them can truly do something the other cannot. They're all frontends to the same thing, so as long as you find one that has the features and interface that you want, it's just as good as any of the other ones.

since he keep repeating himself, you have to ask yourself dose he even know what a frontend is.

0

Share this post


Link to post
Share on other sites

I'm quite happy with the frontend that is included with fedora. Like most guis it doesn't offer all of the functionality that configuring from the command line does. But for normal firewalling it does a pretty damn good job.

0

Share this post


Link to post
Share on other sites

There appear to be some misconceptions going around regarding firewalls for GNU/Linux. If what you want is simply to close all ports, probably 99% of all distributions already does this through iptables. The exception is if it's set up to offer services like SSH, FTP or HTTP etc. by default. In which case you either want the ports open, or you don't want the services running at all.

If Firestarter is a good frontend (a graphical interface) for iptables is largely a question of taste. It is neither less or more secure than configuring iptables manually (if you know what you're doing), or using other similar frontends.

If you're unsure about whether ports are open, you can always do a portscan with for example ShieldsUp: http://www.grc.com/default.htm

0

Share this post


Link to post
Share on other sites

To see which ports are open, start with netstat -lntp from the command-line. The added complexity of the internet can give false negatives and even false positives sometimes. The first step when seeing which ports you have open should be querying the kernel yourself, instead of trying to interpret the results of a portscan across foreign networks.

0

Share this post


Link to post
Share on other sites

umm firestarter is not a firewall i's just a frontend to iptables, iptables is the firewall in all of linux prettymuch

0

Share this post


Link to post
Share on other sites
umm firestarter is not a firewall i's just a frontend to iptables, iptables is the firewall in all of linux prettymuch

Thank you Cpt. Redundant, I don't think we figured that out yet.

0

Share this post


Link to post
Share on other sites
Thank you Cpt. Redundant, I don't think we figured that out yet.

-_- Ohm and his infinite wisdom

0

Share this post


Link to post
Share on other sites

Ohm gotta love it, since the parent poster think it's a firewall within itself, mayeb you should reread his post he calls it a firewall which it is not,

but then again I didn't read your fist post lol

Edited by kitche
0

Share this post


Link to post
Share on other sites

I use firestarter all the time. Like everyone said, its just a front end to iptables. The gui that is already set up on your Fedora box should be enough for what you need. It would just be redundant to install yet another GUI frontend to iptables if you already have one. I use firestarter because debian doesnt come with a GUI front end to iptables by default. There are many many options in your distro repository, but most likely not as good as the one specific to your distro.

0

Share this post


Link to post
Share on other sites

Is there an alternative to iptables? If yes, how does it compare with iptables?

0

Share this post


Link to post
Share on other sites

I don't think so. The actual filtering code in the kernel is called Netfilter. Its low level interface is called iptables, as is the command-line app. I don't know of another IP filtering package for Linux (besides ipchains, which was replaced by iptables).

The truth is, Netfilter is very capable. It can even be expanded with more modules for added functionality, so there's no real reason for another major filtering package to exist. iptables is sometimes difficult to use though, but that's why the frontends are there.

For more info on Netfilter and iptables, see http://www.netfilter.org/

0

Share this post


Link to post
Share on other sites
Is there an alternative to iptables? If yes, how does it compare with iptables?

first off: why would you want to replace iptables?

second: why not make things easy and just use the software that comes with your distro?

third: nothing can replace the actual functionality that iptables has at the command line.

0

Share this post


Link to post
Share on other sites
I don't think so. The actual filtering code in the kernel is called Netfilter. Its low level interface is called iptables, as is the command-line app. I don't know of another IP filtering package for Linux (besides ipchains, which was replaced by iptables).

The truth is, Netfilter is very capable. It can even be expanded with more modules for added functionality, so there's no real reason for another major filtering package to exist. iptables is sometimes difficult to use though, but that's why the frontends are there.

For more info on Netfilter and iptables, see http://www.netfilter.org/

Thanks Ohm, I never knew that.

0

Share this post


Link to post
Share on other sites

Thanks Ohm.

Alk3, I do not intend to replace it, I just wanted to know if there were alternatives to it (curiosity).

Linux is all about choice anyway.

I didn't know that the code was in the kernel itself though.

Was it like always like that?

E.g was ipchains in the kernel too?

Is there a special reason that it's not a userspace application?

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now