Firestarter is the easiest Linux firewall front-end I’ve found. I’ve used it off-and-on since I loaded my first Linux box almost six years ago. Unlike many Windows firewall programs I’ve used, it doesn’t nag; doesn’t display useless messages; and, being free and open source, doesn’t ask for money for upgrades.
It just sits there and works.
I use the term “front-end” because firewall capability is built directly into the Linux kernel; it’s called “iptables.” Linux “firewall” programs do not run the firewall. Instead, they configure the already-existing capability, including setting it to start automatically; the kernel actually “runs” the firewall.
When you first run Firestarter, a wizard starts. After a welcome screen, it asks you to select your network connection (generally, eth0 refers to a wired connection and eth1 to a wireless connection in a machine that has both). If you have multiple network cards, this allows you to point the firewall at one of them–usually the one facing the Big Wide World–while using the other(s) for internal network functions such as sharing the connection, serving files, or routing.
The next screen asks whether you want to turn on internet connection sharing and allow the computer to act as a DHCP server. If you select the DHCP server, additional DHCP-related options are displayed. (Even more options are available in the standard Firestarter interface under Edit–>Preferences–>Firewall, but I won’t go into them because I suspect they are irrelevant to most persons’ needs).
The next screen presents an option to “Start Firewall Now.” Selecting it and clicking “Save” starts the firewall and displays the standard Firestarter interface, shown below:
The blue circle indicates that the firewall is running. Clicking “Active Connections” at the bottom opens a dialog showing currently connected addresses and the ports they are using.
Next: Establishing Policies
The Note at the End: Getting Firestarter:
Firestarter is available for download in three formats:
- Debian package (*.deb)
- Fedora packages (*.rpm)
- Source code (*.tar.gz).
If your system is based on Debian or Fedora, Firestarter is likely in your repositories. You can also download the packages from the Firestarter website.
If you choose to compile from sources, note that Firestarter requires the presence of certain Gnome libraries (“dependencies” in Linux lingo). It’s easiest just to install Gnome, even if you plan not to use it. All that matters is that the libraries are available to Firestarter to use.
If you don’t wish to install Gnome, you will need to resolve the dependencies yourself. Error messages thrown during compiling the program will tell you what libraries are missing.