Firestarter firewall seems very complex

Pasha e97665728 at 013.net
Mon Mar 21 13:37:55 UTC 2005 

Claude Jones wrote:

> Thomas Chung (tchung) wrote:
>
>>> Claude Jones wrote:
>>> I've built my firewall using Firestarter, Ver 1.03. If I turn it 
>>> off, and do iptables -vL, I get a wide open no rules iptables list. 
>>> When turned on, it has what seems like a very simple 5-policy set of 
>>> rules for inbound  - no outbound policies at all. Yet, when I give 
>>> the iptables -vsL command, I get a huge complex set of rules and 
>>> chains that I haven't seemingly configured. I'd post it  but it 
>>> takes up nearly
>>> three screens. Anyone know the short answer to why this is happenning?
>>>
>>>   
>>
>>
>>
>> I haven't been using firestarter myself just iptables for firewall so 
>> I just installed firestarter from extras repo for FC3.
>>
>> I noticed when I give an initial setting, it configures iptables with 
>> rather complex settings.
>>
>> BTW, there are two ways to turn off firestarer. One, from firestarter 
>> gui tool (Applications > System Tools > Firestarter).  Two, using 
>> /sbin/service command.
>> Thomas Chung
>> FedoraNEWS.ORG
>>
>> # service firestarter status
>> Firestarter is running...
>>
>> As long as you don't stop firestarer either gui or service command, 
>> it should be running in the background as a service.
>>
>> If you wish to go back to default firewall using "old-fashion" 
>> iptables, issue following commands.
>>
>> # service firestarter stop
>> # chkconfig firestarter off
>> # system-config-securitylevel
>> (choose Enable firewall > click OK)
>>
>>
>>
>>  
>>
> Thomas: I appreciate the suggestions, but, my real question is, what 
> are all the rules that Firestarter is generating? Where are these 
> coming from? It looks like the software is making assumptions about 
> how things should be, and putting in its own rules and chains. There 
> appears to be no way to affect the configuration or settings of these 
> rules. I'm interested in the architecture of this software.
>
If you look in /etc/firestarter directory you will find there a script 
that firestarter wizard generates (in latest version they probably split 
it into several scripts). Look at it - they write in the comments 
explanation for the rules they set.

More information about the fedora-list mailing list