Firestarter firewall seems very complex

Claude Jones claude_jones at levitjames.com
Mon Mar 21 11:55:00 UTC 2005


Thomas Chung (tchung) wrote:

>>Claude Jones wrote:
>>I've built my firewall using Firestarter, Ver 1.03. If I turn it off, and do iptables -vL, I get a wide open no rules iptables list. When turned on, it has what seems like a very simple 5-policy set of rules for inbound - no outbound policies at all. Yet, when I give the iptables -vsL command, I get a huge complex set of rules and chains that I haven't seemingly configured. I'd post it but it takes up nearly
>>three screens. Anyone know the short answer to why this is happening?
>>
>
>I haven't been using firestarter myself, just iptables for firewall, so I just installed firestarter from extras repo for FC3.
>
>I noticed when I give an initial setting, it configures iptables with rather complex settings.
>
>BTW, there are two ways to turn off firestarter. One, from firestarter gui tool (Applications > System Tools > Firestarter). Two, using /sbin/service command.
>Thomas Chung
>FedoraNEWS.ORG
>
># service firestarter status
>Firestarter is running...
>
>As long as you don't stop firestarter either gui or service command, it should be running in the background as a service.
>
>If you wish to go back to default firewall using "old-fashion" iptables, issue the following commands.
>
># service firestarter stop
># chkconfig firestarter off
># system-config-securitylevel
>(choose Enable firewall > click OK)
>
Thomas: I appreciate the suggestions, but, my real question is, what are 
all the rules that Firestarter is generating? Where are these coming 
from? It looks like the software is making assumptions about how things 
should be, and putting in its own rules and chains. There appears to be 
no way to affect the configuration or settings of these rules. I'm 
interested in the architecture of this software.

-- 
Claude Jones
Bluemont, VA, USA



