
Linux.com


Securing your workstation with Firestarter

By Paul Virijevich on January 04, 2005 (8:00:00 AM)


Firestarter is a GPL-licensed graphical firewall configuration program for iptables, the powerful firewall included in Linux kernels 2.4 and 2.6. Firestarter supports network address translation for sharing an Internet connection among multiple computers, and port forwarding for redirecting traffic to an internal workstation. Firestarter's clean and easy-to-use graphical user interface takes the time out of setting up a custom firewall.

The Firestarter project provides binary packages for Fedora Core 2 and 3, SUSE 9.2, and Debian; you can use RPM or apt for installation. A source tarball is available for installation on other distributions. GNOME 2.6 is required. If you are running KDE, your distribution's package manager will resolve any dependencies and install any required GNOME libraries.

Let the wizard be your guide

Firestarter automatically saves your settings and restarts itself upon reboot when installed from a binary package (RPM or .deb). The installation procedure puts a Firestarter icon in the System Tools menu if you are running GNOME. To launch Firestarter in KDE, open a terminal window and type firestarter, or create your own menu entry. Launching Firestarter for the first time brings up the first-run configuration wizard. In it, select your network adapter. If you have a cable modem or a DSL connection that uses a dynamic IP address, check the box that reads "IP address is assigned via DHCP." Firestarter is now ready to protect your workstation.

The program's main interface consists of three tabs: status, events, and policy. The status tab indicates whether the firewall is active, shows your network devices, the number of events that have occurred, and any active connections. The events tab lets you know what traffic is being blocked by the firewall; an event is a connection that has been blocked. This tab is where you can selectively allow services through your firewall. Items in black are normal connections to random ports. Items in red could be unauthorized connection attempts. Items in grey are harmless (usually broadcast traffic). The policy tab lets you define which hosts and services are allowed to communicate with your workstation. This is also where you can more broadly define rules.

[Screenshot: Firestarter main window]

The two extremes of firewalling are blacklisting and whitelisting. A blacklist denies all activity while a whitelist does the opposite. By default, Firestarter operates in blacklist mode for inbound connections and whitelist mode for outbound traffic. This setup is secure but may not allow legitimate inbound connections. This is where the events tab comes in handy. Both inbound and outbound events are registered. By right-clicking on an inbound event you can choose to:

  • Allow Connections from Source, which gives the source of the connection a free pass through all ports on the firewall;
  • Allow Inbound Service for Everyone; or
  • Allow Inbound Service for Source, which gives only a specific source permission to connect to a service.

By right-clicking on an outbound event you can choose to:

  • Allow Connections to Destination, which allows everyone to reach a specified destination;
  • Allow Outbound Service for Everyone; or
  • Allow Outbound Service for Source, which allows only a specific computer to use a service.

By starting off with blacklisting and then selectively allowing inbound and outbound connections, you can quickly create a very secure firewall. All you need to do is keep an eye on the blocked connections in the event tab and then decide what services to allow. This setup is useful for preventing a malicious program from contacting a remote server, but it takes time to tune it properly. If you already know the names or port numbers of the services you want to pass through the firewall, you can more quickly set rules using the policy tab.

[Screenshot: Firestarter events tab]

The policy tab's inbound interface allows you to specify which hosts and services to allow, and lets you set up port forwarding. For example, if an internal workstation were running a service that needed to be accessed from the Internet, you would tell Firestarter that any connections to the firewall on that port should be redirected to the internal machine. The outbound interface allows you to set up blanket whitelisting or blacklisting. You can also block individual hosts or services from this interface. Clicking on the check box above the Policy tab activates any changes (automatic updating of Policy changes can be set in the Preferences menu).
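To show what the events-tab choices above and the policy tab's port forwarding and outbound blocking amount to underneath the GUI, here is an added example (not Firestarter's own generated ruleset) of the equivalent iptables rules. It prints the rules as a dry run unless APPLY=1; the interface name, addresses and ports are constructed placeholders.

```shell
#!/bin/sh
# Added example: iptables equivalents of Firestarter's defaults and right-click choices.
# Dry run by default (prints each rule); set APPLY=1 to execute them as root.
set -eu

# Emit one iptables command, executing it only when APPLY=1.
ipt() {
    if [ "${APPLY:-0}" = 1 ]; then iptables "$@"; else printf 'iptables %s\n' "$*"; fi
}

# Default policy: drop everything inbound, allow all outbound. Returning traffic
# for connections the workstation opened must be accepted, or outbound whitelisting
# would break every reply.
fs_base_policy() {
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# "Allow Connections from Source": the host gets a free pass on every port.
fs_allow_from_source() { ipt -A INPUT -s "$1" -j ACCEPT; }

# "Allow Inbound Service for Everyone": one service open to anyone.
fs_allow_service_everyone() { ipt -A INPUT -p "$1" --dport "$2" -m state --state NEW -j ACCEPT; }

# "Allow Inbound Service for Source": one service, one permitted host.
fs_allow_service_source() { ipt -A INPUT -p "$1" --dport "$2" -s "$3" -m state --state NEW -j ACCEPT; }

# Port forwarding: connections hitting the firewall on a port are redirected to
# an internal workstation (DNAT), and the forwarded flow is then allowed through.
fs_forward() {
    ipt -t nat -A PREROUTING -i "$1" -p "$2" --dport "$3" -j DNAT --to-destination "$4:$5"
    ipt -A FORWARD -i "$1" -p "$2" -d "$4" --dport "$5" -m state --state NEW -j ACCEPT
}

# Outbound blacklisting of a single host, as on the policy tab's outbound side.
fs_block_outbound_host() { ipt -I OUTPUT -d "$1" -j DROP; }

# Constructed sample policy: ssh for everyone, MySQL for one host, web forwarded
# to an internal machine, and one remote server blocked outbound.
fs_demo() {
    fs_base_policy
    fs_allow_service_everyone tcp 22
    fs_allow_service_source tcp 3306 192.0.2.10
    fs_forward eth0 tcp 80 192.168.1.20 80
    fs_block_outbound_host 203.0.113.5
}

fs_demo
```

Rules appended with -A are matched in order after the defaults, so the ESTABLISHED,RELATED rule must come before the per-service rules for the outbound whitelist to behave as the article describes.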

[Screenshot: Firestarter policy tab]

Lasting protection

After a few minutes of installation and configuration, Firestarter will add an extra layer of security to your workstation. Any future configuration is activated upon reboot.

Firestarter takes the pain out of workstation firewall configuration. Its excellent online tutorial and manual are well written and provide clear instructions on how the software is used. The project maintains an active support mailing list.

The Firestarter team has taken something that is hard to configure, wrapped it in a clean user interface, and provided great documentation. Isn't it time to make your workstation a little more secure?
