Introduction
Firestarter is an application which provides a graphical interface for quickly configuring firewall rules and settings (policies). Firestarter itself is not a firewall; rather, it is a frontend for configuring iptables, which is the firewall system built into the Linux kernel. Firestarter also provides real-time monitoring of network traffic.
Note: Although Firestarter is fully functional, active development ended in 2005 with version 1.0.3. For an overview of alternative applications, see Firewall.
Key Features
- Easy to use graphical interface.
- Suitable for use on desktops, servers and gateways.
- Enables Internet connection sharing.
- Allows you to define both inbound and outbound access policy.
- Option to whitelist or blacklist traffic.
- Wizard for easily configuring your firewall.
- Sets up DHCP for a local network.
- Real time firewall events view.
- View active network connections, including any traffic routed through the firewall.
Screenshots
Installation
Hints and Tips
Recommended Settings
To open the preferences window, click Edit → Preferences. The preferences are divided into two categories: options that change the interface and options that affect the firewall. Select the following options in the corresponding sections:
Interface Options
Check Enable tray icon and Minimize to tray on window close. (Note: Your firewall will be active when you boot regardless of whether Firestarter is running in the tray or not.)
Policy Options
Check Apply policy changes immediately.
Firewall Options
ICMP Filtering
Select Enable ICMP filtering and check Echo request (ping) and Echo reply (pong) (for network connection testing/troubleshooting).
Disable/Enable the Firewall
To disable the firewall, click Firewall → Stop Firewall, or click the Stop Firewall icon when the Status tab is selected.
To re-enable the firewall, click Firewall → Start Firewall, or click the Start Firewall icon when the Status tab is selected.
Allow an Inbound Event from the Events Tab
Right click on the connection you would like to allow and select the action you would like to take from the pop-up menu (this is equivalent to making a new policy). The actions are described as follows:
- Allow Connections from Source: This action gives the source of the connection permission to make any connection it wants. This is equivalent to trusting the source blindly and should be used with care.
- Allow Inbound Service for Everyone: This action allows everyone to access the service the connection was previously blocked from.
- Allow Inbound Service for Source: This action allows only this specific source to access the service in question. This is known as stealthing: no other host except the source will be aware that the service even exists.
Troubleshooting
NetworkManager
It has been reported that a conflict between Firestarter and NetworkManager at boot can cause the firewall policies to not initialize correctly.
A possible workaround is to edit /etc/firestarter/firestarter.sh:
gksu gedit /etc/firestarter/firestarter.sh
Comment out the following block:
if [ "$MASK" = "" -a "$1" != "stop" ]; then
echo "External network device $IF is not ready. Aborting.."
exit 2
fi
So that it looks like this:
#if [ "$MASK" = "" -a "$1" != "stop" ]; then
#echo "External network device $IF is not ready. Aborting.."
#exit 2
#fi
Save your changes and reboot.
Stalled connections
When your Internet connection limits traffic by dropping packets (for example, an ADSL ISP), Firestarter may cause TCP connections to stall. For example, when you try to scp a few megabytes, the process hangs and scp reports "stalled".
This problem is due to bug #258863 in Firestarter. Firestarter contains a script (/etc/firestarter/sysctl-tuning) that disables some kernel TCP mechanisms responsible for efficient connections over networks with packet loss: SACK, window scaling and TCP timestamps.
If you have such problems, consider using UFW or comment out the following lines in the script mentioned above (I have not tested this):
# Turn off TCP Timestamping in kernel
if [ -e /proc/sys/net/ipv4/tcp_timestamps ]; then
echo 0 > /proc/sys/net/ipv4/tcp_timestamps
fi
# Set TCP Re-Ordering value in kernel to '5'
if [ -e /proc/sys/net/ipv4/tcp_reordering ]; then
echo 5 > /proc/sys/net/ipv4/tcp_reordering
fi
# Turn off TCP ACK in kernel
if [ -e /proc/sys/net/ipv4/tcp_sack ]; then
echo 0 > /proc/sys/net/ipv4/tcp_sack
fi
#Turn off TCP Window Scaling in kernel
if [ -e /proc/sys/net/ipv4/tcp_window_scaling ]; then
echo 0 > /proc/sys/net/ipv4/tcp_window_scaling
fi
Like this:
# Turn off TCP Timestamping in kernel
#if [ -e /proc/sys/net/ipv4/tcp_timestamps ]; then
# echo 0 > /proc/sys/net/ipv4/tcp_timestamps
#fi
# Set TCP Re-Ordering value in kernel to '5'
#if [ -e /proc/sys/net/ipv4/tcp_reordering ]; then
# echo 5 > /proc/sys/net/ipv4/tcp_reordering
#fi
# Turn off TCP ACK in kernel
#if [ -e /proc/sys/net/ipv4/tcp_sack ]; then
# echo 0 > /proc/sys/net/ipv4/tcp_sack
#fi
#Turn off TCP Window Scaling in kernel
#if [ -e /proc/sys/net/ipv4/tcp_window_scaling ]; then
# echo 0 > /proc/sys/net/ipv4/tcp_window_scaling
#fi
Save your changes and restart the firewall:
sudo /etc/init.d/firestarter restart
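To confirm after the restart that the kernel is no longer running with the values written by sysctl-tuning, the following added example (not part of the original page or of Firestarter) compares the four settings against the kernel defaults. The function names, the default values listed in the comments and the sample directory are assumptions of this example.

```shell
#!/bin/sh
# Added example: report which of the TCP settings touched by
# /etc/firestarter/sysctl-tuning differ from the kernel defaults.
# Assumed kernel defaults: timestamps=1, sack=1, window_scaling=1, reordering=3.

# check_tcp_tuning [DIR]
#   DIR defaults to /proc/sys/net/ipv4; another directory can be passed
#   so the check can be exercised without touching the running kernel.
check_tcp_tuning() {
    dir="${1:-/proc/sys/net/ipv4}"
    for pair in tcp_timestamps:1 tcp_sack:1 tcp_window_scaling:1 tcp_reordering:3; do
        name="${pair%%:*}"
        default="${pair##*:}"
        file="$dir/$name"
        if [ ! -r "$file" ]; then
            echo "SKIP     $name (not present)"
            continue
        fi
        # First field only; read also drops the trailing newline.
        read -r value rest < "$file"
        if [ "$value" = "$default" ]; then
            echo "DEFAULT  $name=$value"
        else
            echo "CHANGED  $name=$value (kernel default $default)"
        fi
    done
    return 0
}

# Constructed sample: a directory holding the values sysctl-tuning writes.
make_sample_dir() {
    d="$(mktemp -d)"
    echo 0 > "$d/tcp_timestamps"
    echo 5 > "$d/tcp_reordering"
    echo 0 > "$d/tcp_sack"
    echo 0 > "$d/tcp_window_scaling"
    echo "$d"
}

# Demonstration on the constructed sample; run check_tcp_tuning with no
# argument to inspect the live system instead.
sample="$(make_sample_dir)"
check_tcp_tuning "$sample"
rm -rf "$sample"
```

Any line marked CHANGED after the restart means the corresponding block in sysctl-tuning is still being applied, or the value was set elsewhere.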
See Also
Firewall - An introduction to firewalls, and how to manage them in Ubuntu.
Iptables - The tables provided by the Linux kernel firewall.
UFW - The default firewall configuration tool for Ubuntu.
Gufw - A GUI frontend for controlling UFW.