Hi members: Is a firewall enabled by default in Linux and, more specifically, Ubuntu? Also, any opinions of the default settings for Firestarter would be appreciated. I have been noticing a bit of a slowdown of my connection. I assumed it was a Verizon DSL problem, but they claim it is not (shocking, huh). So I am experimenting with lowering my modem's FW security level, and configuring the iptables.
YES, iptables is the Linux firewall and it's included in the kernel. You can set it by command line, or you can use a GUI, if you prefer.

OK! Firestarter Preferences

INTERFACE (as you want)
- Events -> Skip redundant entries
- Policy -> Apply policy changes immediately

FIREWALL (-> start firewall on program startup)
- Network settings -> it depends on your kind of connection
- ICMP filter (enable, marked: Echo reply, Timestamping, Traceroute, Unreachable)
- ToS Filtering -> not enabled
- Advanced Option -> Drop silently + Block broadcasts from external network

About POLICY, it depends on the software you use ... add in Inbound Traffic policy: Allow Service (name of p2p) from Port (e.g. 4662 for Emule) when the source is Anyone ...
New to Linux Ubuntu (7.10). Installed Firestarter from Synaptic although not really needed as I am not running a server, no sharing, and behind a router. I thought it might be useful for outbound protection. Firestarter, when installed from a package, runs as a system service. However I can't see it listed under System>Services - is it hidden? I know that it works because right after booting up and logging in, iptables -nL shows that it is 'engaged' so to speak. So how does one confirm that it is running as a system service? Only other mystery is that the Firestarter tray icon tends to disappear despite the setting 'minimise to tray' enabled. Regards.
Hello, Type the following: chkconfig --list Do you see Firestarter anywhere on the list? And if you type ps aux, what do you get? Cheers, Mrk
Apparently that is a Red Hat command unavailable in Ubuntu. Instead I installed sysvconfig (available in Synaptic). Then entered > sudo service firestarter status < Result: > *Firestarter is running < Thanks for pointing me in the right direction.
Hello, Always glad to help. Although you can always check the status of a service using that command. It's service name switch - which can be stop, start, restart, reload, status etc... Cheers, Mrk
I'm not sure about other distributions, but as far as Ubuntu is concerned: No, iptables is installed but there are no default restrictive rules. The reason is that, by design, Ubuntu has no open ports since there are no unnecessary services running. Thus, a firewall is usually not needed. You can check this by executing You will see two exceptions: The first is dhclient which may look like this: dhclient rejects all packets that do not come from a DHCP server of a local network. This means that this port is open but cannot be used for any attacks. The same is true for the second exception avahi which may look like this: Avahi is a technique used to connect computers in a local network, e.g. with a network cable, without the need to configure them. If you don't need it you can disable it by editing /etc/default/avahi-daemon and setting AVAHI_DAEMON_START=0 Both services accept only data from the local network and do not impose a security risk.
If you search here in the forum you'll find several lengthy threads regarding the need of outbound control - but they are all related to Windows. Under Linux, if you only use software from the official repositories (and why should you need anything else since you find lots of applications in the repositories for everything and anything?) you won't have any adware or spyware problem. Thus, outbound control under Linux is unnecessary as long as you don't install software from other not trustworthy sites. Period.
Ocky, it's actually not needed that Firestarter is running as it is only a frontend for iptables. The iptables rules - once defined - are executed regardless if Firestarter is running or not.
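An added example, not part of any post in this thread: since the rules live in the kernel whether or not the front end is running, the loaded ruleset is the thing to check. The sketch below summarises `iptables -nL` output per chain and reports whether anything is being filtered; the function names and both sample listings are constructed for illustration.

```shell
# Summarise `iptables -nL` text from stdin: one line per chain.
summarize_ruleset() {
  awk '
    /^Chain / {
      if (chain != "") print chain, "policy=" policy, "rules=" n
      chain = $2; n = 0
      # Built-in chains read "(policy X)"; user-defined ones read "(N references)".
      policy = ($3 == "(policy") ? $4 : "-"
      sub(/\)$/, "", policy)
      next
    }
    /^target[ \t]/ || /^[ \t]*$/ { next }  # column header, blank separator
    chain != "" { n++ }                     # anything else is a rule
    END { if (chain != "") print chain, "policy=" policy, "rules=" n }
  '
}

# "open" = every built-in policy is ACCEPT and no chain holds a rule.
ruleset_state() {
  summarize_ruleset | awk '
    { split($2, p, "="); split($3, r, "=") }
    p[2] != "-" && p[2] != "ACCEPT" || r[2] + 0 > 0 { filtering = 1 }
    END { print (filtering ? "filtering" : "open") }
  '
}

# Constructed sample (abridged to two chains): no rules loaded.
sample_default() { cat <<'EOF'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
EOF
}
# Constructed sample: rules loaded by a front end (chain name INBOUND is illustrative).
sample_loaded() { cat <<'EOF'
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
INBOUND    all  --  0.0.0.0/0            0.0.0.0/0

Chain INBOUND (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:4662
EOF
}
sample_default | ruleset_state; sample_loaded | summarize_ruleset
```

On a live system the same check is `sudo iptables -nL | ruleset_state`, run once with the front end open and once after closing it.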