What is wrong with firestarter?

Eberhard Roloff tuxebi at gmx.de
Tue Aug 26 14:20:56 UTC 2008


Derek Broughton wrote:
> Knapp wrote:
> 
>> I read something here about Firestarter not being so good to use. What
>> is the problem with it? I use it and like it so far but don't want to
>> get hacked because of using it over something better.
>  
> I'm pretty sure it doesn't make a bit of difference which firewall tool you
> use in the long run - they all create the same iptables rules, which are
> good or bad mostly dependent on the user who created them.  The issues with
> firestarter - and _every_ firewall tool I've ever used are all usability. 
> It's just not possible for a user to create a safe firewall without
> actually understanding iptables, and I don't see why that has to be (otoh,
> I'm not smart enough to write the killer replacement :-) ).
> 
> Now, I'm going to get a long chain of responses saying that tool "x"
> (including firestarter) actually doesn't have this problem :-)

You're absolutely right, the user needs to understand what her firewall 
is going to do.
However, this does not necessarily mean that she needs to understand 
the iptables syntax as well.

For example, I am currently forced to work with Vista and wanted to 
have my vncviewer listen for incoming connections on port 5555. 
Knowing how I wanted the firewall to behave, I could very easily set 
it up to let the protocol (tcp) pass through on port 5555. Now I must 
admit that I do have only VERY superficial knowledge of iptables and 
most of the time, it is just not worthwhile (for me) to tinker with 
iptables. And imho this is where the graphical tools shine.

Kind regards
Eberhard




