Firestarter/firewall
John Richard Moser
nigelenki at comcast.net
Fri Feb 11 18:19:43 CST 2005
Christian Bjälevik wrote:
> John Richard Moser wrote:
>
>> Someone recommended firestarter. This is nice, it has its own init
>> script (I'd rather it just read from iptables and let a centralized init
>> script deal with it), it has a nice UI. I like it, somewhat.
>>
>> Problem is it blocks everything. I turn on NAT and it does that now;
>> but it also blocks my LAN from SSHing into the machine. It also broke
>> (irreparably apparently) IRC conn tracking, i.e. I no longer can DCC
>> files. In general, it broke things. A net loss.
>
> You can allow stuff from within the GUI. Dunno about conntrack, haven't
> looked into that myself.
>
I allowed 192.168.0.0/24 and it still doesn't let me ssh in. Conntrack
I can't find, should be fairly automatic. I've already griped both of
these at the maintainer, btw; I only brought it here to preempt any
ideas of main deployment (which I found out already was talked over long
ago).

>> It's nice, it might be nice for main one day, but it does break things.
>> It also can't seem to start up the dhcp server (even after installing
>> the dhcp server), so blah.
>
> Shouldn't that daemon start on boot? Did for me last time I used the
> package anyway.
>
Yeah, firestarter tries to restart it and it's like ":( CANT FIND WTF"

>> Ubuntu still needs something to bring up firewall at boot. People claim
>> ubuntu needs no firewall, but somehow, some way, home users need to set
>> up "internet connection sharing" in many situations. This requires
>> iptables to be restored at boot, preferably without everyone in the
>> world calling the local hacker (i.e. me) to write their scripts.
>
> I like firestarter when I'm on a machine with GUI :-). In the other case
> I got my self-made iptables.sh and update-rc.d.

Heh. Most normal users would like a firewall as a comfort barrier; but
it does really bring the quick-and-dirty NAT.
. . . universe has 1.0.1, but 1.0.3 is out.
>
> Sincerely
--
All content of all messages exchanged herein are left in the
Public Domain, unless otherwise explicitly stated.
Creative brains are a valuable, limited resource. They shouldn't be
wasted on re-inventing the wheel when there are so many fascinating
new problems waiting out there.
-- Eric Steven Raymond