How to set up Firestarter – an easy-to-use Linux firewall

The days of confusing Linux firewalls are now over. Firestarter provides a very easy-to-use GUI for most Linux systems, allowing you to create specific firewall rules based on IP addresses, hosts or specific services (FTP, SSH, etc.). Continue reading for a complete walk-through on using Firestarter.

  1. First you’ll need to download and install Firestarter. You can find installation options on the Firestarter download page. If you’re using Ubuntu (as I do for this tutorial), you can install it via Synaptic.
  2. Once installed, launch it from the appropriate menu (in Ubuntu, select Applications -> Internet -> Firestarter).
  3. Enter your password to continue.
  4. Since this is the first time you’re running Firestarter, you’ll be taken through a quick setup wizard. Review the info on the Welcome screen and click Forward to continue.
  5. On the Network device setup screen you’ll need to specify which device (Ethernet card, wireless card, modem etc.) provides your Internet connection. Generally, this is the Ethernet device (eth0). If your Internet Service Provider assigns you a dynamic IP address (almost all North American broadband ISPs do), make sure to check the box IP address is assigned via DHCP. Click Forward to continue.
  6. If you’re going to use this PC to share its Internet connection with other PCs (i.e. as a gateway), place a check in the Enable Internet connection sharing box. This is not the same thing as “file and printer” sharing, so unless you’re certain the PC you’re setting up Firestarter on is going to act as a gateway, leave this option unchecked. Again, click Forward to continue.
  7. That’s it – the setup wizard is done. Place a check in the Start firewall now box, and click Save.
  8. Firestarter will launch and display the Status tab. If you’re currently surfing the Internet, using an FTP program etc., you’ll see detailed info on your connections in the Active connections pane.
  9. Now you’ll want to create some firewall rules. Click on the Policy tab, and make sure Inbound traffic policy is selected from the Editing drop-down menu. Right-click inside the Allow connections from host window, and select Add Rule.
  10. By adding a rule in this section, you’ll be allowing an IP, host or network full access to your Linux PC. They will still need to provide a user name and password to connect to any services (FTP, SSH etc.), but the IP, host or network will not be blocked at all by your firewall. In the example below I added the host name for my MacBook Pro (ross-macbookpro) and included a descriptive comment. Click Add when you’re done.
  11. If you want to create a rule based on a single service (e.g. SSH, FTP, Telnet etc.), right-click in the Allow Service section and click Add Rule. From the new menu that pops up, select the service you want to allow from the Name drop-down menu. In the example below I selected SSH.
  12. The port for SSH (22) will be automatically added to the Port field. Decide who you want to allow to access SSH on the PC running Firestarter (Anyone, LAN clients, IP, host or network). In the example below, I opted to allow access to SSH from my PC running Vista, which has a host name of ross-vista. Again, I added a descriptive comment. Once you’ve got everything filled in, click Add.
  13. Back at the Policy main menu, click the Apply Policy button to apply the two policies (rules) you just created.
  14. Now select Outbound traffic policy from the Editing pull-down menu.

    By default, Firestarter allows all outbound traffic. So if you’re trying to surf the web, chat with a friend using your IM program, FTP to a remote host, or connect to your POP3 or IMAP email server, all of these services will be “allowed”. You can reverse that policy and change it to “Restrictive by default, whitelist traffic” if you’d like, but then you’ll have to create rules to allow any outbound Internet activity.

  15. If you do opt to go the Restrictive route, creating outbound rules is pretty much the same as creating inbound rules. In the Allow connections to host section, right-click and select Add Rule. Again, I will allow all outbound connections to my MacBook Pro by adding its host name (ross-macbookpro). Click Add to create this rule.
  16. And again, similar to inbound rules, you can create a rule that’s specific to a service. Right-click in the Allow service window and select Add Rule. As before, select the service you want to allow out (in the example below I selected FTP) and choose Anyone, Firewall host, LAN clients, IP, host or network. Click Add when you’re done.

    The screenshot below illustrates a rule that would allow me to FTP to my Windows Vista PC.

  17. Back at the Policy main window again, click Apply Policy to apply any new rules you created.
  18. Click the Events tab, and you’ll see a list of “firewall happenings”. In this example, I intentionally blocked off being able to FTP and SSH from my Linux PC, and when I tried to FTP and SSH to my web host, it was denied (blocked).
  19. Now that you’ve got the gist of creating firewall rules, select Edit -> Preferences.
  20. From here you can customize some of the Firestarter Interface options.
  21. Click Firewall from the left navigation window, and you can alter some of the Firewall-specific preferences.
  22. That’s pretty much it – feel free to explore and by all means if you have a question, leave a comment below.
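The inbound host and SSH rules and the restrictive outbound policy from the walk-through, written out as plain iptables commands; this is an added example, not output from Firestarter and not part of the original tutorial. It assumes a default-deny inbound policy, and the addresses standing in for ross-macbookpro and ross-vista are constructed placeholders.

```shell
#!/bin/sh
# Added example: PRINTS iptables commands for review; it applies nothing.
# Addresses are constructed placeholders from the documentation range.
TRUSTED_HOST="192.0.2.10"   # assumed address of ross-macbookpro
VISTA_PC="192.0.2.20"       # assumed address of ross-vista

# Accept only IPv4 addresses (optional /prefix). Names are rejected because
# iptables resolves a hostname once, at the moment the rule is loaded.
valid_src() {
    printf '%s\n' "$1" | grep -Eq \
        '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' || return 1
    addr=${1%/*}; old_ifs=$IFS; IFS=.
    for octet in $addr; do
        [ "$octet" -le 255 ] || { IFS=$old_ifs; return 1; }
    done
    IFS=$old_ifs
}

# "Allow connections from host": every port and protocol from one source.
allow_host() {
    valid_src "$1" || { echo "bad source: $1" >&2; return 1; }
    echo "iptables -A INPUT -s $1 -j ACCEPT"
}

# "Allow service": one TCP port, restricted to one source.
allow_service() {   # usage: allow_service PORT SOURCE
    case "$1" in ''|*[!0-9]*) echo "bad port: $1" >&2; return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ] || { echo "bad port: $1" >&2; return 1; }
    valid_src "$2" || { echo "bad source: $2" >&2; return 1; }
    echo "iptables -A INPUT -p tcp -s $2 --dport $1 -j ACCEPT"
}

# Inbound: default deny, replies to our own connections, then the two rules.
inbound_policy() {
    echo "iptables -P INPUT DROP"
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    allow_host "$TRUSTED_HOST" && allow_service 22 "$VISTA_PC"
}

# Outbound in "Restrictive by default": nothing leaves unless whitelisted.
outbound_policy() {
    echo "iptables -P OUTPUT DROP"
    echo "iptables -A OUTPUT -o lo -j ACCEPT"
    echo "iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A OUTPUT -d $TRUSTED_HOST -j ACCEPT"
    echo "iptables -A OUTPUT -p tcp -d $VISTA_PC --dport 21 -j ACCEPT"
}

inbound_policy && outbound_policy
```

Under the restrictive outbound policy, DNS lookups and FTP data connections are dropped as well unless further rules (and, for FTP, the kernel's FTP connection-tracking helper) allow them.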
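What the Events tab reports can also be checked from a terminal: this added example (not part of the original tutorial or of Firestarter) tallies dropped packets by direction, destination and port, assuming blocked packets are logged through the kernel's netfilter LOG target. The log lines, including their "Outbound"/"Inbound" prefixes, are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarize dropped packets from netfilter LOG lines.
# SAMPLE_LOG is constructed; on a real system the lines come from the
# kernel log (for example /var/log/kern.log or dmesg).
SAMPLE_LOG='Jan 10 10:00:01 host kernel: Outbound IN= OUT=eth0 SRC=192.0.2.5 DST=198.51.100.7 LEN=60 TTL=64 PROTO=TCP SPT=40112 DPT=22 SYN
Jan 10 10:00:04 host kernel: Outbound IN= OUT=eth0 SRC=192.0.2.5 DST=198.51.100.7 LEN=60 TTL=64 PROTO=TCP SPT=40113 DPT=22 SYN
Jan 10 10:00:07 host kernel: Outbound IN= OUT=eth0 SRC=192.0.2.5 DST=198.51.100.7 LEN=60 TTL=64 PROTO=TCP SPT=40200 DPT=21 SYN
Jan 10 10:00:08 host kernel: Inbound IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.5 LEN=60 TTL=52 PROTO=TCP SPT=51000 DPT=23 SYN
Jan 10 10:00:09 host kernel: eth0: link up'

# Reads log lines on stdin; prints "COUNT DIRECTION DESTINATION PROTO/PORT",
# most frequent first. Lines without SRC= and DPT= fields are ignored.
summarize_blocked() {
    awk '
    / SRC=/ && / DPT=/ {
        dir = "in"; dst = ""; dpt = ""; proto = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "IN=")         dir = "out"   # empty IN= means locally generated
            else if ($i ~ /^DST=/)   dst = substr($i, 5)
            else if ($i ~ /^DPT=/)   dpt = substr($i, 5)
            else if ($i ~ /^PROTO=/) proto = substr($i, 7)
        }
        count[dir " " dst " " proto "/" dpt]++
    }
    END { for (k in count) print count[k], k }' | LC_ALL=C sort -k1,1nr -k2
}

printf '%s\n' "$SAMPLE_LOG" | summarize_blocked
```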

4 thoughts on “How to set up Firestarter – an easy-to-use Linux firewall”

  1. I just installed Firestarter on my Ubuntu 11.10 machine. The only difference I see so far, is not being able to access my network printer. How do I allow this?

  2. Hello: First I want to tell you that the info is very good and it helped me understand a couple of things, and on the other hand I have a question… I work at a not-so-small institution where I have approximately 50 machines, and my question is whether there is some way to create user groups with certain levels of restriction depending on the group (e.g. admin: ‘0’ restrictions; hallways: plain Internet; users: work-related pages only… etc.). My server runs Ubuntu, and I read something somewhere about iptables (used graphically from Webmin), but I still can’t quite get my head around creating restriction levels…
    Thanks very much in advance, and sincerely, a very good contribution with this article…


  3. Pingback: Anonymous

  4. I already have FireStarter working here, but I can’t manage to share the Internet connection via my DWA110 USB Wi-Fi.

    I configured the device (which even picks up wireless network signals without problems), but nothing on earth will make the damn thing share my connection via AD-HOC.

    Can you help me?
