Firestarter Firewall.

[aaae]

Would it be possible to add this to the repo?

Description : GUI firewall for Linux
Link : http://www.fs-security.com/
Source : http://www.fs-security.com/download.php

If you know of something better, I'm not adverse to trying something different.

Thanks.

FYI. I'm not sure if you're aware and I don't know where else to post it :
The GUI for nmap installs and runs as "Zenmap".
CLI is fine.

[thenktor]

FYI. I'm not sure if you're aware and I don't know where else to post it :
The GUI for nmap installs and runs as "Zenmap".
CLI is fine.

Because that's it's name: http://nmap.org/zenmap/

[aaae]

thenktor,
I didn't realise that. It was the first time I had installed it. I just assumed the zen prefix it was something that had been modded at Zenwalk and not changed back. Wasn't really the main idea of my post, just an after thought. perhaps ps. would have been better than FYI...

[thenktor]

To be honest: the first time I've seen the nmap-fe as zenmap I've thought the same (I had Zenwalk these times)

[damNageHack]

Hi aaae,

thanks for your suggestion.

I tried to build a package. But I still have a few questions.

1. Do you need the package for Salix 32 bits (arch=i486) or 64 bits (arch=x86_64)? I guess both generally required.

2. The README in firestarter-1.0.3.tar.gz from the mentioned homepage says:

Requirements
============
A machine running Linux kernel version 2.4 or 2.6 with
Linux IP Firewalling Tables (iptables) version 1.2.3 or higher

This should be generally no problem cause the default kernel in Salix (the original one from Slackware 13 repository) comes with iptables.

GNOME 2.6 (For example, Fedora Core 2, SuSE 9.2, Mandrake 10.1 or newer)

Gnome is *not default* for salix, so users have to install Gnome? AFAIK only gconf is used (some reference in the build script).

3. There will be many files installed to /etc (firestarter stuff and gconf additions). Is therefore the .new treatment needed or should the files be *never* changed by the user?

raphael[etc]$ find .
.
./firestarter
./firestarter/non-routables.new
./gconf
./gconf/schemas
./gconf/schemas/firestarter.schemas.new
./gconf/gconf.xml.defaults
./gconf/gconf.xml.defaults/schemas
./gconf/gconf.xml.defaults/schemas/apps
./gconf/gconf.xml.defaults/schemas/apps/firestarter
./gconf/gconf.xml.defaults/schemas/apps/firestarter/firewall
./gconf/gconf.xml.defaults/schemas/apps/firestarter/firewall/icmp
./gconf/gconf.xml.defaults/schemas/apps/firestarter/firewall/icmp/%gconf.xml.new
./gconf/gconf.xml.defaults/schemas/apps/firestarter/firewall/tos
./gconf/gconf.xml.defaults/schemas/apps/firestarter/firewall/tos/%gconf.xml.new
./gconf/gconf.xml.defaults/schemas/apps/firestarter/firewall/dhcp
./gconf/gconf.xml.defaults/schemas/apps/firestarter/firewall/dhcp/%gconf.xml.new
./gconf/gconf.xml.defaults/schemas/apps/firestarter/firewall/%gconf.xml.new
./gconf/gconf.xml.defaults/schemas/apps/firestarter/client
./gconf/gconf.xml.defaults/schemas/apps/firestarter/client/ui
./gconf/gconf.xml.defaults/schemas/apps/firestarter/client/ui/%gconf.xml.new
./gconf/gconf.xml.defaults/schemas/apps/firestarter/client/filter
./gconf/gconf.xml.defaults/schemas/apps/firestarter/client/filter/%gconf.xml.new
./gconf/gconf.xml.defaults/schemas/apps/firestarter/client/%gconf.xml.new
./gconf/gconf.xml.defaults/schemas/apps/firestarter/%gconf.xml.new
./gconf/gconf.xml.defaults/schemas/apps/%gconf.xml.new
./gconf/gconf.xml.defaults/schemas/%gconf.xml.new
./gconf/gconf.xml.defaults/apps
./gconf/gconf.xml.defaults/apps/firestarter
./gconf/gconf.xml.defaults/apps/firestarter/firewall
./gconf/gconf.xml.defaults/apps/firestarter/firewall/icmp
./gconf/gconf.xml.defaults/apps/firestarter/firewall/icmp/%gconf.xml.new
./gconf/gconf.xml.defaults/apps/firestarter/firewall/tos
./gconf/gconf.xml.defaults/apps/firestarter/firewall/tos/%gconf.xml.new
./gconf/gconf.xml.defaults/apps/firestarter/firewall/dhcp
./gconf/gconf.xml.defaults/apps/firestarter/firewall/dhcp/%gconf.xml.new
./gconf/gconf.xml.defaults/apps/firestarter/firewall/%gconf.xml.new
./gconf/gconf.xml.defaults/apps/firestarter/client
./gconf/gconf.xml.defaults/apps/firestarter/client/ui
./gconf/gconf.xml.defaults/apps/firestarter/client/ui/%gconf.xml.new
./gconf/gconf.xml.defaults/apps/firestarter/client/filter
./gconf/gconf.xml.defaults/apps/firestarter/client/filter/%gconf.xml.new
./gconf/gconf.xml.defaults/apps/firestarter/client/%gconf.xml.new
./gconf/gconf.xml.defaults/apps/firestarter/%gconf.xml.new
./gconf/gconf.xml.defaults/apps/%gconf.xml.new

Fixed.

[18:55:06] <gapan> gconf files should never be .new

4. You can find a package (including the build script) in Zenwalk distribution. I ported some extracts partially to SLKBUILD, for compliance with some rules.
Maybe you use the package of Zenwalk? Please report if it works in Salix.
Take a look at the many dependencies given on the page: http://zur.zenwalk.org/view/package/name/firestarter

5. Sorry about that I can not suggest you any alternatives. Reason is that I can use google to search for some but I have no experience with any of them, just used also only Firestarter so far some time ago and with other distributions.

EDIT:
Sorry I removed my package from the server cause of too many unclear things. Also, the downloaded source tar.gz seems to be dirty and buggy somehow or the provided doucmentation is too bad for me.

[aaae]

Hey damNageHack,

1. I personally have 32bit.
2. I have spent a fair amount of time looking into it, I saw that it uses gnome. I have used it on a couple of other distros that use xfce, as to how its done I have no idea... sorry.
3. ?
4. I tried to use the Zenwalk package but I got a "Source Failed" error. Though it was probably user error (my lack of knowledge) more than the package not working.
5. No problem. Firestarter works well for me. Just thought there may have been another firewall in the repository or something.

Thanks for your help.

[revoke]

The Firestarter package from Wolvix 2.x works "out of the box" with Salix OS 13.0.2a (32-bit tested) with a couple of caveats.

1. Auto loading does not work because it requires that you have administrator access. There may be a workaround for this, but I have not looked all that hard into solving it (yet).

2. The current version, Firestarter 1.0.3, is quite old (2006-2007, I think?) and required some hacking to make the package work with modern Linuxes. Observe Wolvix's notes:

"NOTE! Firestarter is in need of an update or a patch to fix issues with the latest GNOME libraries. This package use a dirty workaround to launch it."

You can currently find the package here (although Wolvix's repos appear to be in a bit of flux right now, so who knows how long this will be up):

http://wolvix3.homelinux.net/wolvix-2.0 ... 6-5wlv.tgz

...and associated meta and text packages are there too:

http://wolvix3.homelinux.net/wolvix-2.0 ... -5wlv.meta
http://wolvix3.homelinux.net/wolvix-2.0 ... 6-5wlv.txt

To Install, just use pkgtool or installpkg

Code: Select all

installpkg firestarter-1.0.3-i486-5wlv.tgz

To avoid the load-at-start-up errors:
1.Launch firestarter (hint: it's under "System")
2. Enter your root password
3. From Edit-->Preferences-->Firewall uncheck "start/restart firewall on DHCP lease renewal"

This means you have to manually launch firestarter, but it avoids errors at login. I usually just add a launch icon to either my desktop or the taskbar and launch firestarter as needed (for example, when at cafe with free "open" wireless).

I also personally prefer to check "Enable tray icon" and "Minimize to tray on window close" (under Edit-->Preferences-->Interface) to keep the interface out of my way.

One of the first tasks I perform whenever I load up a new distribution is to load a graphical firewall front-end. If the distro rolls with KDE libraries, than that typically makes Guarddog (also circa 2007) easier to install. If the distro uses GTK, I go for firestarter. Firestarter has been becoming increasingly more difficult to compile, so I'm glad Wolvix figured it out. I'm also glad it works with Salix because I am really enjoying this distro at the moment.

Good luck, and I hope someone finds this information useful.

-revoke

[damNageHack]

The Firestarter package from Wolvix 2.x works "out of the box" with Salix OS 13.0.2a (32-bit tested) with a couple of caveats.

Thanks for your search and your detailled help by providing some how-to documentation

1. Auto loading does not work because it requires that you have administrator access. There may be a workaround for this, but I have not looked all that hard into solving it (yet).

You could use one of those solutions probably:
- gksu (but you will have to enter the root password anyway)
- set the particular binary with suid flag (gives root rights to the executing user, generally ugly):

Code: Select all

chmod u+s firestarter

- create a new user group, add your user to that and give execution rights for the binary to this group. Probably will not work if "real" root rights are required, then you will have to set suid flag for this group also.
- sudo: hard to configure that it is "really" safe. I do not want to help here.

[revoke]

Thanks for your search and your detailled help by providing some how-to documentation

I thought it might be cool to make my first post on a Linux forum something helpful, rather than just screaming for help like so may users seem to do (mostly beginners). Thanks to all the other Slackers out there (whether it be vanilla Slack, Zenwalk, Vector, Wolvix, or Salix), I was able to solve all my issues on my latest system (a laptop found in the trash no less) by good old-fashioned web searching (or RTFM ). Firewall front-end was one of my issues, so I thought I'd share what I came up with so far.

Further playing has proven me wrong about the settings in Firestarter. In order to avoid "Insufficient Privileges" errors at boot, you have to close out of Firestarter before shutting down. The settings under Preferences --> Firewall are irrelevant. The other way to avoid the annoying error at login is to uncheck "Save session for future login" when you shutdown.

You could use one of those solutions probably:
- gksu (but you will have to enter the root password anyway)
- set the particular binary with suid flag (gives root rights to the executing user, generally ugly):

Code: Select all

chmod u+s firestarter

- create a new user group, add your user to that and give execution rights for the binary to this group. Probably will not work if "real" root rights are required, then you will have to set suid flag for this group also.
- sudo: hard to configure that it is "really" safe. I do not want to help here.

Yikes! Not sure I want to try any of those, but I'll keep them in my thoughts if I do decide to attempt a workaround. The first option seems fine as I don't mind putting in the password at launch. Thanks for the tips!

I'm actually looking for other options as well. Firestarter will work fine for now, but perhaps something that is still in development would be better.

Here's one combination that looks promising:
ufw + gufw for a front end (both are used by the 'buntu camp):

ufw: https://launchpad.net/ufw
gufw: http://gufw.tuxfamily.org/index.html
SlackBuild for ufw: http://slackbuilds.org/repository/13.0/network/ufw/[/list]

Some other options (that appear to still be active):
SlackFire (iptables scripts made specifically for Slackware): http://slackfire.berlios.de/
flex-fw: (another small front end for iptables): http://code.google.com/p/flex-fw/

Old options (no longer updated?)
"Easy Firewall Generator": http://connie.slackware.com/~alien/efg/
LutelWall (stand alone?): http://firewall.lutel.pl/ --from 2005. Listed by the LQ Wiki as having a GUI

So, there you have them. Once I get some spare time (April?), I think I might sit down and play with some of these other more current firewall options.

-revoke

[lmello]

There's Firewall Builder also, a QT GUI for making your rc.firewall.

Check http://www.fwbuilder.org