
Thread: How-To: Firestarter on startup (better & safer way)

  1. #1
    Join Date
    Apr 2007
    Location
    (X,Y,Z) = (0,0,0)
    Beans
    3,715

    How-To: Firestarter on startup (better & safer way)

    This how-to will let you start Firestarter automatically without having to enter a password for it, and without editing /etc/sudoers and, thus, giving anyone access to change it.

    Actually, this how-to was originally developed by kukibird1 in this thread; I put it here so it is more visible; also, I wrote it in a way I hope will be more newbie-friendly than the original post. Please thank that user and not me.

    0. Understand what Firestarter is
    Firestarter is not the firewall, just a nice tool to configure iptables, the actual firewall.

    Iptables resets itself after reboot, so Firestarter is meant to start at boot and recreate iptables' rules. This is done before even GNOME/KDE/Xfce is started, so you won't see anything...

    You don't need to open Firestarter to be protected... So, any solution that makes Firestarter open (not only start) will prompt you for the "sudo" password and, because that's nasty, you're told to edit /etc/sudoers... Not good.

    1. Is Firestarter really your problem?
    How do you know if Firestarter is your problem? Please, do this test:
    1. Reboot your machine.

    2. After logging in as normal, go to a Terminal (Applications --> Accessories --> Terminal) and type:

    Code:
    sudo iptables -nL
    3. If you get the following, Firestarter must be fixed:
    Code:
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination         
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination         
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    If you don't get that and you know your firewall is not working, then either Firestarter is not the issue or it's not the "usual" Firestarter issue.

    2. Fix it!
    (To do this successfully, don't open Firestarter)
    1. Enter Terminal (see above)

    2. Type:
    Code:
    gksudo gedit /etc/firestarter/firestarter.sh
    3. Locate the following "paragraph":
    Code:
    if [ "$MASK" = "" -a "$1" != "stop" ]; then
            echo "External network device $IF is not ready. Aborting.."
            exit 2
    fi
    It's near the beginning; be careful, check twice before going to step 4!

    4. Make that paragraph look exactly like this (put a # before each line):
    Code:
    #if [ "$MASK" = "" -a "$1" != "stop" ]; then
            #echo "External network device $IF is not ready. Aborting.."
            #exit 2
    #fi
    5. Reboot. (If you know how to do it and want to skip the rest of the steps, deactivate the boot splash and monitor the boot process; it should say "Firestarter firewall starting up...[OK]". If so, you don't need to follow the rest)

    6. Enter a Terminal and type "sudo iptables -nL" again. It should be different to what you saw at the beginning.

    7. Open Firestarter, go again to Terminal and type "sudo iptables -nL" again. It should be the same as in step 6.

    8. Review Firestarter configuration to see if it's correct (there's no particular reason to do this, just to be sure you're protected).

    Now, you (and all users) are protected from boot, without messing around with sudo's configuration! You'll have to enter the password to access Firestarter, but as you usually do with other administrative apps.

    NOTE: If you run Firestarter's Wizard after this method, you'll have to repeat Section 2! If you want to change Firestarter's configuration, better do it using Edit --> Preferences.

    Rationale
    It seems (to me) that Firestarter thinks the network is not configured, so, without network, no firewall is needed and it shuts down with an error. Putting those # is equivalent to deleting the code that analyzes that error, so this fix forces Firestarter to start, ignoring that "error" (?).
    Last edited by nvteighen; October 2nd, 2007 at 02:57 PM. Reason: i#f --> #if
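
The check in section 1 (and steps 6 and 7 of section 2) can be scripted. The following is an added example, not part of the original post: the function name `classify_ruleset` and both sample outputs are constructed for illustration, and the "loaded" sample is a generic ruleset, not real Firestarter output.

```shell
#!/bin/bash
# Added example (not from the thread): classify `iptables -nL` output.
#   EMPTY   - built-in chains only, all on policy ACCEPT, no rules (the step 3 symptom)
#   LOADED  - at least one rule, user chain, or non-ACCEPT policy is present
#   UNKNOWN - no "Chain" lines were seen (e.g. the command failed)
classify_ruleset() {
    awk '
        BEGIN { accept_only = 1 }
        /^Chain / {
            chains++
            # User-defined chains show "(N references)" instead of a policy.
            if ($0 !~ /\(policy ACCEPT\)/) accept_only = 0
            next
        }
        /^target[ \t]/ || /^[ \t]*$/ { next }   # column header / blank line
        { rules++ }                             # anything else is a rule
        END {
            if (chains == 0) print "UNKNOWN"
            else if (accept_only && rules == 0) print "EMPTY"
            else print "LOADED"
        }
    '
}

# Constructed sample: the empty ruleset shown in step 3 of the how-to.
EMPTY_SAMPLE='Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination'

# Constructed sample: a minimal loaded ruleset (not real Firestarter output).
LOADED_SAMPLE='Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination'

printf '%s\n' "$EMPTY_SAMPLE"  | classify_ruleset
printf '%s\n' "$LOADED_SAMPLE" | classify_ruleset
# Live use after a reboot: sudo iptables -nL | classify_ruleset
```

An EMPTY result right after boot is the symptom described in step 3; UNKNOWN means the iptables command itself produced no chain listing and should be investigated separately.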

  2. #2
    Join Date
    Feb 2007
    Location
    London - UK
    Beans
    398
    Distro
    Ubuntu 7.04 Feisty Fawn

    Re: How-To: Firestarter on startup (better & safer way)

    Thank you for compiling this and making it easy to follow.
    A Fool and His Money Are Soon Partying!!

  3. #3
    Join Date
    Apr 2007
    Location
    (X,Y,Z) = (0,0,0)
    Beans
    3,715

    Re: How-To: Firestarter on startup (better & safer way)

    Thanks! Any suggestion is welcomed, of course.

  4. #4
    Join Date
    Jun 2007
    Beans
    13

    Re: How-To: Firestarter on startup (better & safer way)

    nvteighen,

    Thank you for the information. Thankfully someone confirms what I've been saying.

    I had an alternate solution - this would run firestarter after the networking was started.

    http://ubuntuforums.org/showthread.php?t=449319

    Here is the solution that worked for me:

    I added sudo /usr/sbin/firestarter -s & to /etc/rc.local

  5. #5
    Join Date
    Apr 2007
    Location
    (X,Y,Z) = (0,0,0)
    Beans
    3,715

    Re: How-To: Firestarter on startup (better & safer way)

    Quote Originally Posted by jefferystone View Post
    nvteighen,

    Thank you for the information. Thankfully someone confirms what I've been saying.

    I had an alternate solution - this would run firestarter after the networking was started.

    http://ubuntuforums.org/showthread.php?t=449319
    But doesn't that start the GUI?

    As I said before, you don't need to run the GUI... and according to some it may be also a bit dangerous to run something the whole time with root privileges.

  6. #6
    Join Date
    Oct 2006
    Beans
    158

    Re: How-To: Firestarter on startup (better & safer way)

    It is in rc5.d as S20firestarter. I had problems with it not starting, so I just changed it to S21firestarter; this gives it enough time to start after the network comes up.

    Walt

  7. #7
    Join Date
    Sep 2007
    Beans
    12

    Re: How-To: Firestarter on startup (better & safer way)

    Just to reiterate what I said on the other thread, (http://ubuntuforums.org/showthread.php?t=449319&page=3) it seems to me that this should be a default setting for the Firestarter package and perhaps should be fixed. Do I misunderstand?

  8. #8
    Join Date
    Oct 2005
    Location
    Rome, Ga
    Beans
    2,339
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: How-To: Firestarter on startup (better & safer way)

    Huh. I have firestarter installed, set it up and all, and have rebooted several times since, and only have this in /etc/firestarter:

    non-routables.

    No shell script.

    I did something wrong somewhere, didn't I?

    EDIT*

    lmao oops, I ran setup again, and clicked save this time. rebooted and checked, and I have all kinds of cool stuff when I do step 2.
    Last edited by BLTicklemonster; September 15th, 2007 at 04:41 PM.

  9. #9
    Join Date
    Apr 2007
    Location
    (X,Y,Z) = (0,0,0)
    Beans
    3,715

    Re: How-To: Firestarter on startup (better & safer way)

    Quote Originally Posted by BLTicklemonster View Post
    Huh. I have firestarter installed, set it up and all, and have rebooted several times since, and only have this in /etc/firestarter:

    non-routables.

    No shell script.

    I did something wrong somewhere, didn't I?

    EDIT*

    lmao oops, I ran setup again, and clicked save this time. rebooted and checked, and I have all kinds of cool stuff when I do step 2.
    A question: do you use any restricted driver for your network devices (ethernet/wireless/modem)? Maybe that's why some people like me (using restricted Intel driver) must run these steps and some like you don't.

  10. #10
    Join Date
    Apr 2005
    Beans
    25

    Re: How-To: Firestarter on startup (better & safer way)

    I have had this problem on three different computers and this solution fixed it. They were all using different network hardware but I was using the stock Feisty drivers with all of them (i.e. I never installed any special network drivers on my own).

    The symptoms were as you described. I would configure some rules with Firestarter and they would be applied and working. Upon reboot, I would find that the ports I had blocked were open again. Iptables was running with no rules, and "sudo /etc/init.d/firestarter status" showed that Firestarter wasn't running.

    To be clear, I was never trying to get the Firestarter GUI to start when I booted; I only wanted my rules that I had configured to be applied into Iptables. The fix listed above finally got it to work.

    Thanks to kukibird1 and nvteighen!
