Claude Jones wrote:
Thomas Chung (tchung) wrote:
Claude Jones wrote:
I've built my firewall using Firestarter, Ver 1.03. If I turn it
off, and do iptables -vL, I get a wide open no rules iptables list.
When turned on, it has what seems like a very simple 5-policy set of
rules for inbound - no outbound policies at all. Yet, when I give
the iptables -vsL command, I get a huge complex set of rules and
chains that I haven't seemingly configured. I'd post it but it
takes up nearly three screens. Anyone know the short answer to why
this is happening?

I haven't been using firestarter myself just iptables for firewall so
I just installed firestarter from extras repo for FC3.
I noticed when I give an initial setting, it configures iptables with
rather complex settings.
BTW, there are two ways to turn off firestarter. One, from firestarter
gui tool (Applications > System Tools > Firestarter). Two, using
/sbin/service command.
Thomas Chung
FedoraNEWS.ORG

# service firestarter status
Firestarter is running...
As long as you don't stop firestarter with either the gui or the
service command, it should be running in the background as a service.
If you wish to go back to the default firewall using "old-fashioned"
iptables, issue the following commands.
# service firestarter stop
# chkconfig firestarter off
# system-config-securitylevel
(choose Enable firewall > click OK)

Thomas: I appreciate the suggestions, but, my real question is, what
are all the rules that Firestarter is generating? Where are these
coming from? It looks like the software is making assumptions about
how things should be, and putting in its own rules and chains. There
appears to be no way to affect the configuration or settings of these
rules. I'm interested in the architecture of this software.

If you look in the /etc/firestarter directory you will find there a
script that the firestarter wizard generates (in the latest version they
probably split it into several scripts). Look at it - they write
explanations in the comments for the rules they set.