
Author Topic: starting firestarter  (Read 5409 times)

sledgehammer

  • Vectorian
  • ****
  • Posts: 1451
starting firestarter
« on: May 30, 2010, 09:59:53 am »
It should be called firestopper.  At least I can't start it on boot up on my VL 6.0 system. Rather I have to open a terminal, go to root, and type "firestarter" before it will start. (I got firestarter from the VL repositories)

I do not have firewall enabled in VASM.

Does anyone know whether I can just add a line or two at the end of /etc/rc.d/rc.local to get it to autostart?  Such as /usr/bin/firestarter --start?

And, if so, precisely the code to add? 

I have looked around and this seems to be a common problem.  I tried a couple of the "fixes" without success. I think I'm close, but not quite there.
VL7.0 xfce4 Samsung RF511

bigpaws

  • Vectorian
  • ****
  • Posts: 1868
Re: starting firestarter
« Reply #1 on: May 30, 2010, 10:15:30 am »
You can add the command to rc.local; remember to use the
full path, which is what I believe you have listed. You can
also try whereis <name of program>.

Bigpaws

sledgehammer

Re: starting firestarter
« Reply #2 on: May 30, 2010, 10:55:13 am »
Thanks, bigpaws.

whereis returns

Quote
firestarter: /usr/bin/firestarter /etc/firestarter /usr/X11R6/bin/firestarter /usr/bin/X11/firestarter /usr/X11/bin/firestarter /usr/share/firestarter

Any clue which of these might be best?

VL7.0 xfce4 Samsung RF511

Andy Price

  • Packager
  • Vectorite
  • ****
  • Posts: 237
Re: starting firestarter
« Reply #3 on: May 30, 2010, 05:03:34 pm »
Running the command firestarter in a terminal doesn't start the firewall, it just brings up the Firestarter GUI so that you can adjust the settings. I'm guessing that you actually want to run the firewall.

You can check if the firewall is running by issuing (as root):
/etc/rc.d/init.d/firewall status
You can also use start, stop or restart in place of status.

To get the firewall to run after you have installed Firestarter, you do need to have the firewall enabled in VASM. Firestarter itself doesn't show up in VASM, I guess it's really just a front-end to iptables, but I'm no expert, the above is just my experience.






retired1af

  • Packager
  • Vectorian
  • ****
  • Posts: 1280
Re: starting firestarter
« Reply #4 on: May 30, 2010, 06:07:24 pm »
I just installed the program and fiddled around with it. It has an option to start whenever you connect, so I'm not sure you need to add it to rc.local.

I wasn't that impressed with it.
ASUS K73 Intel i3 Dual Core 2.3GHz

sledgehammer

Re: starting firestarter
« Reply #5 on: May 30, 2010, 07:24:43 pm »
Thanks to all,

Andy Price's suggestion was quite enlightening.  The below shows first an attempt when I thought firestarter was running (the gui was showing in the panel).  Secondly, the result of the same command with the firestarter gui not running.  Third shows the results of the same command after enabling firewall in VASM>Services (level 4). Last shows running same command with the firestarter gui running while firewall is on in VASM.

FIRST

Quote
Vector://home/johwhi
root:# /etc/rc.d/init.d/firewall status
bash: /etc/rc.d/init.d/firewall: Permission denied

SECOND

Quote
Vector://home/johwhi
root:# /etc/rc.d/init.d/firewall status
bash: /etc/rc.d/init.d/firewall: Permission denied

THIRD

Quote
Vector://home/johwhi
root:# /etc/rc.d/init.d/firewall status
Firestarter is running...

FOURTH

Quote
Vector://home/johwhi
root:# /etc/rc.d/init.d/firewall status
Firestarter is running...


I think it has been running all these months (even though firewall not enabled in VASM) when I start it by typing firestarter in root as it regularly showed inbound events, some serious.  Nonetheless, it is very comforting to know that it is now running even if I forget to start the gui.

« Last Edit: May 30, 2010, 07:26:14 pm by sledgehammer »
VL7.0 xfce4 Samsung RF511

retired1af

Re: starting firestarter
« Reply #6 on: May 30, 2010, 07:39:17 pm »
That's one of the reasons I wasn't impressed. What it's indicating as "serious", really isn't.
ASUS K73 Intel i3 Dual Core 2.3GHz

bigpaws

Re: starting firestarter
« Reply #7 on: May 30, 2010, 07:55:30 pm »
ps is great for showing running processes.

Bigpaws

sledgehammer

Re: starting firestarter
« Reply #8 on: May 30, 2010, 08:32:14 pm »
bigpaws,

ps is great!

ps -A shows that firestarter is running.  Now if I can just remember all this.

VL7.0 xfce4 Samsung RF511

sledgehammer

Re: starting firestarter
« Reply #9 on: May 30, 2010, 10:05:28 pm »
So, root:# /etc/rc.d/init.d/firewall status showed firestarter was running and ps -A did not show it as running.  I took out what I had added to /etc/rc.d/rc.local and rebooted. 

root:# /etc/rc.d/init.d/firewall status said firestarter was not running and ps -A still didn't show it.  I checked VASM and firewall was still enabled in services for run level 4.  So I started firestarter as follows:

root:# /etc/rc.d/init.d/firewall start and it said that firestarter was running.  Checked with ps -A and still no firestarter.  I then typed "firestarter" as root as I have been accustomed to doing and the gui showed up.  I then ran ps -A and it showed firestarter running.

Any comments?  Anyone know of another good firewall?  What about just removing firestarter altogether and relying on the VASM firewall? I saved bigpaws' instructions on firewall security some time ago and it still looks a bit too complicated for my skill level.  Unless I hear a better suggestion, I will just start the firestarter GUI each time I reboot.  Apologize in advance if I have not followed the proper guidelines from earlier posts.
VL7.0 xfce4 Samsung RF511

bigpaws

Re: starting firestarter
« Reply #10 on: May 31, 2010, 04:43:36 am »
Have you looked at the firestarter site?

http://www.fs-security.com/docs/faq.php

Bigpaws

Andy Price

Re: starting firestarter
« Reply #11 on: May 31, 2010, 04:54:25 am »
I think you are confusing Firestarter with the actual firewall. Firestarter is just a nice GUI which enables you to add rules to the firewall, which is based on iptables. For example, I needed to add a rule to allow my wife to access a SAMBA share on my PC.

I don't think that seeing the firestarter process running tells you much other than that the GUI is running. If you have enabled the firewall in VASM then doing an lsmod | less will show several modules loaded such as ip_tables and ipt_MASQUERADE, which I presume are the actual firewall.

If you are on a network you can test whether the firewall is doing anything. First ping your PC from another one. Then start Firestarter from a terminal (or from the System menu) and go to Preferences > Firewall > ICMP filtering. Tick the Enable ICMP filtering check box but don't tick any of the packet types. Restart the firewall, close the Firestarter GUI and then ping again. You should find it to be blocked this time around, showing that the firewall is working.

As for other firewalls, I used Guarddog for a while, but it was a lot more complicated to set up (though it did give very fine control) and it, too, was just a front end for iptables. My guess (hope!) is that Firestarter does the job sufficiently well in the same way as Windows' built-in firewall.

Hope the above makes sense.

retired1af

Re: starting firestarter
« Reply #12 on: May 31, 2010, 05:30:21 am »
I'm not sure if Firestarter is a gui front end to iptables or not. I didn't dig into it that much other than to see if it installed properly and took a quick look at the interface. It does install itself as a service, which leads me to believe it's handling the security, rather than iptables. I'd have to play with it longer to see.

I prefer a much more robust solution (such as Guarddog).
ASUS K73 Intel i3 Dual Core 2.3GHz

bigpaws

Re: starting firestarter
« Reply #13 on: May 31, 2010, 06:09:08 am »
According to what I found, it is a front end to iptables.

If you want to see if there are any rules for iptables set
then use this command

iptables -L

That will give a list of any rules that are invoked.

Guarddog is also a front end to iptables.

Bigpaws
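
Added example, not part of any post in this thread: a small shell check that judges the firewall from the iptables rule listing rather than from whether the Firestarter GUI appears in ps. The function names and both sample listings are constructed for illustration; the listings follow the `iptables -L -n` format for the filter table.

```sh
# Judge the firewall by the kernel's rule set, not by the GUI process in ps.
# Both listings are constructed samples in `iptables -L -n` format.
SAMPLE_OFF='Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination'
SAMPLE_ON='Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
DROP       icmp --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination'

# Print the default policy of a built-in chain, reading a listing on stdin.
chain_policy() {
    awk -v c="$1" '$1 == "Chain" && $2 == c && $3 == "(policy" {
        gsub(/[()]/, "", $4); print $4 }'
}

# Count rule lines: anything that is not blank, a chain header or a column header.
rule_count() {
    awk 'NF && $1 != "Chain" && $1 != "target" { n++ } END { print n + 0 }'
}

# "no-filtering" when INPUT defaults to ACCEPT and no rule exists; else "rules-loaded".
firewall_verdict() {
    listing=$(cat)
    policy=$(printf '%s\n' "$listing" | chain_policy INPUT)
    rules=$(printf '%s\n' "$listing" | rule_count)
    if [ "$policy" = "ACCEPT" ] && [ "$rules" -eq 0 ]; then
        echo "no-filtering (INPUT policy $policy, $rules rules)"
    else
        echo "rules-loaded (INPUT policy $policy, $rules rules)"
    fi
}

printf '%s\n' "$SAMPLE_OFF" | firewall_verdict
printf '%s\n' "$SAMPLE_ON"  | firewall_verdict
# On a live system, as root:  iptables -L -n | firewall_verdict
```

Running the same check right after boot, before opening the GUI, shows whether the rules are loaded by the init script or only once Firestarter itself is started.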

retired1af

Re: starting firestarter
« Reply #14 on: May 31, 2010, 06:31:01 am »
Yeah, I knew Guarddog was. Used it extensively with SOHO 5.x. I thought Guarddog was more robust and allowed you to easily fine tune iptables. I didn't get that impression with Firestarter. Then again, I loved TPF (Tiny Personal Firewall) when it was available for Windows. For a little program, it was a giant when it came to the control you could exercise over your connection (both inbound and outbound).
ASUS K73 Intel i3 Dual Core 2.3GHz