This how-to tells you how you can make sure your firewall configuration starts with your wired or wireless wicd connection, and how you can restart the firewall when you switch from one to the other.
I had three problems with Firestarter on VL6.
First, I couldn't launch it. I got a message saying "proper configuration not found".
This was easily solved by reinstalling the firestarter package with gslapt.
Then, start firestarter, put in your root password, go through the wizard, and configure your firewall appropriately.
Second, once the firewall was configured, I enabled the firewall service in VASM. However, the firewall wouldn't start on boot, because my wireless connection isn't up by that time.
This is solved by pressing the "script" button in a wicd connection (wired or wireless) and having wicd run a post-connection script that will start the firewall.
This will work:
The script will start your firewall after wicd gets the interface up. You can disable the firewall service in VASM.
This is all fine if you always use the same network interface (always wired, or always wireless, for example). But...
Third, as far as I know, firestarter doesn't easily handle multiple network interfaces. If you boot up with a different interface (or switch from a wireless to a wired connection), the firewall won't start. You need to launch firestarter, change the preferences, and restart the firewall (or go through the wizard again).
This is solved by creating two scripts.
I named them "/etc/firestarter/firestarter-eth0.sh" and "/etc/firestarter/firestarter-wlan0.sh" (as root).
You should replace the names with your network interfaces.
The content of the /etc/firestarter/firestarter-wlan0.sh script is:
sed -i 's/eth0/wlan0/' /etc/firestarter/configuration
(again, your two interface names will go on the sed line, instead of eth0 and wlan0)
The /etc/firestarter/firestarter-eth0.sh script is the same, except you change the order of the two interfaces in the sed line:
sed -i 's/wlan0/eth0/' /etc/firestarter/configuration
Then make sure you make them accessible to root only:
chmod 700 /etc/firestarter/firestarter-wlan0.sh
chmod 700 /etc/firestarter/firestarter-eth0.sh
What these scripts do is replace one interface by the other in the firestarter configuration file, and then start the firewall.
Finally, you'll have to put these scripts in each wicd connection appropriately (instead of the above script in point 2, that only works for a single network interface).
Press the script button for the wired connection and write "/etc/firestarter/firestarter-eth0.sh" in the post-connection space.
Do the same for every wireless connection that you usually use (but writing "/etc/firestarter/firestarter-wlan0.sh" instead). It's a bit of a pain, but as far as I know, wicd doesn't do "general" scripts, only per-connection ones.
This way you can be sure that no matter what connection you're using when you boot up your computer (or if you switch to another interface mid-session), your firewall will be up and running.
It seems to work fine with the tests I've made, but I would appreciate other people checking this.
There might be easier ways. Thanks!
(the nice sed line comes from here: http://kintoandar.blogspot.com/2008/09/firestarter-firewall-switch.html)
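The two per-interface scripts described above can be folded into one parameterised helper; this is an added example, not part of the original post and not code from Firestarter or wicd. It goes a little beyond the post by matching interface names as whole words (so eth0 does not rewrite eth01) and by leaving the file untouched when the new interface would not appear in it. The names switch_iface and switch-iface.sh are hypothetical, the configuration path is the one from the post, and starting the firewall is left to your existing post-connection script.

```shell
#!/bin/sh
# Added example, not from the original post. switch_iface is a hypothetical helper.
# Usage: switch_iface CONFIG NEW_IF OLD_IF [OLD_IF...]
# Returns 0 when CONFIG names NEW_IF afterwards, 1 when it does not, 2 on bad input.
switch_iface() {
    conf=$1; new=$2
    [ "$#" -ge 3 ] || { echo "usage: switch_iface CONFIG NEW_IF OLD_IF..." >&2; return 2; }
    shift 2
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 2; }
    # The names end up inside a sed pattern, so accept plain interface names only.
    for name in "$new" "$@"; do
        case $name in
            ''|*[!A-Za-z0-9_-]*) echo "bad interface name: $name" >&2; return 2 ;;
        esac
    done
    tmp=$(mktemp) || return 2
    cp "$conf" "$tmp" || { rm -f "$tmp"; return 2; }
    for old in "$@"; do
        [ "$old" = "$new" ] && continue
        # Whole-word match: eth0 must not rewrite eth01.
        if sed -E "s/(^|[^[:alnum:]_])${old}([^[:alnum:]_]|\$)/\\1${new}\\2/g" "$tmp" > "$tmp.new"; then
            mv "$tmp.new" "$tmp"
        else
            rm -f "$tmp" "$tmp.new"; return 2
        fi
    done
    # Only touch the real file if the result actually names the new interface.
    if grep -Eq "(^|[^[:alnum:]_])${new}([^[:alnum:]_]|\$)" "$tmp"; then
        cat "$tmp" > "$conf"      # overwrite in place: owner and mode of CONFIG are kept
        rm -f "$tmp"; return 0
    fi
    rm -f "$tmp"
    echo "$conf does not mention $new or any of the old interfaces" >&2
    return 1
}

# Stand-alone use, e.g.: switch-iface.sh /etc/firestarter/configuration wlan0 eth0
# Start the firewall afterwards only if this succeeded.
if [ "$#" -ge 3 ]; then
    switch_iface "$@"
fi
```

Because wicd runs post-connection scripts with root privileges, keep a helper like this owned by root and mode 700, the same as the two scripts above.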