Firestarter/firewall

John Richard Moser nigelenki at comcast.net
Fri Feb 11 16:36:54 CST 2005


I tried Firestarter out for a firewall, as I need to do NAT on my box,
but apparently it takes work, i.e. you have to write your own scripts
for /etc/network/interfaces or init.d.  Either way you're essentially
writing init scripts (scripts run by an init.d script, or directly
writing init.d scripts).

My original problem was that when my machine came up, by altering
/etc/modules, I could have it start the network interfaces, load IRC
connection tracking, etc; but I had to manually enter the iptables rule
for connection tracking.  On Gentoo, you could
`/etc/init.d/iptables save` and the firewall would restore each boot.

Someone recommended Firestarter.  This is nice, it has its own init
script (I'd rather it just read from iptables and let a centralized init
script deal with it), it has a nice UI.  I like it, somewhat.

Problem is it blocks everything.  I turn on NAT and it does that now;
but it also blocks my LAN from SSHing into the machine.  It also broke
(irreparably apparently) IRC conn tracking, i.e. I no longer can DCC
files.  In general, it broke things.  A net loss.

It's nice, it might be nice for main one day, but it does break things.
It also can't seem to start up the DHCP server (even after installing
the DHCP server), so blah.

Ubuntu still needs something to bring up firewall at boot.  People claim
Ubuntu needs no firewall, but somehow, some way, home users need to set
up "internet connection sharing" in many situations.  This requires
iptables to be restored at boot, preferably without everyone in the
world calling the local hacker (i.e. me) to write their scripts.

--
All content of all messages exchanged herein are left in the
Public Domain, unless otherwise explicitly stated.

    Creative brains are a valuable, limited resource. They shouldn't be
    wasted on re-inventing the wheel when there are so many fascinating
    new problems waiting out there.
                                                 -- Eric Steven Raymond
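Added example, not part of the original message: a ruleset in `iptables-save` format for the setup the message describes (NAT for the LAN, SSH allowed from the LAN, RELATED traffic accepted so a loaded connection-tracking helper keeps working), with a structural check and the ifupdown hook that restores it at boot. The interface names `eth0` (WAN) and `eth1` (LAN), the path `/etc/iptables.rules`, and the function names are assumptions.

```shell
#!/bin/sh
# Added example. Interface names and file path are assumptions.

# gen_rules WAN_IF LAN_IF: write an iptables-restore ruleset to stdout.
gen_rules() {
    wan=$1 lan=$2
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan -p tcp --dport 22 -j ACCEPT
-A FORWARD -i $lan -o $wan -j ACCEPT
-A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}
# RELATED admits flows that an active conntrack helper (such as the IRC one
# used for DCC) has announced; SSH is opened on the LAN side only.

# lint_rules: read a ruleset on stdin; succeed only if every *table block
# is closed by COMMIT and no chain or rule line sits outside a table.
lint_rules() {
    awk '
        /^\*/      { if (in_t) bad = 1; in_t = 1; tables++; next }
        /^COMMIT$/ { if (!in_t) bad = 1; in_t = 0; next }
        /^(:|-A )/ { if (!in_t) bad = 1 }
        END        { exit (bad || in_t || tables == 0) ? 1 : 0 }
    '
}

# Install as root, then let ifupdown restore the rules at every boot:
#   gen_rules eth0 eth1 > /etc/iptables.rules
#   iptables-restore --test < /etc/iptables.rules   # parse only, no commit
#   # in the WAN stanza of /etc/network/interfaces:
#   #   pre-up iptables-restore < /etc/iptables.rules
# Routing between the interfaces also needs net.ipv4.ip_forward=1.
if [ "${1:-}" = "--print" ]; then gen_rules "${2:-eth0}" "${3:-eth1}"; fi
```

Restoring from `pre-up` applies the default-drop policy before the interface is brought up, so there is no window at boot where the box is routing without its filter rules.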



More information about the ubuntu-devel mailing list