Configuring Firestarter using the Firewall Wizard

Firestarter uses a gnome-druid interface to let the user configure various aspects of their setup. This chapter steps through the process of configuring your firewall using the wizard. Note that unless you have specifically enabled the 'advanced' options (see for details), you will only see the options explained on the 'standard' page. Reasonable defaults are assumed for the 'advanced' options.

Standard Configuration

Title

Welcomes you to the application. Press Next to continue or Cancel to return to the desktop.

Network Device Configuration

Asks you to select your interface from the 'Detected Device' list provided. The wizard attempts to discover all interfaces that are currently active on your machine. Generally, you should use either PPPxx or ETHxx devices unless you are an advanced user.

Network Services Configuration

This option allows you to select the interfaces you wish to provide publicly from this computer. Generally, unless you are going to be using your machine as a DMZ, or providing proxied services for external machines on the internet (e.g. access to a web server on the company intranet), you should select the 'No' option. Note: This option should not be confused with the services you wish to provide to clients behind the firewall.

ICMP Configuration

This option allows you to select which ICMP options you would like to receive on the external interface. By default, Firestarter allows all forms of ICMP messages through the firewall, so you are advised to filter at least some forms of ICMP communication. The options you can select include:

  • Echo: Commonly used in ping flood attacks and fingerprinting techniques. Unless you are playing network games or are configuring a network for the first time, you should filter these.

  • Traceroute & Microsoft Traceroute: Used to find the paths between networks. Useful for configuring networks for Quality of Service as well as detecting network dropouts. Microsoft Traceroute should be filtered if you (or your uplink) do not operate Microsoft DNS servers. Standard Traceroute should be filtered if you are running a personal network and probably left alone otherwise.
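
To confirm that the Echo choice made on this page actually took effect, the loaded ruleset can be checked after the wizard finishes. The following is an added example, not part of Firestarter or its documentation: it assumes the rules were loaded with iptables and reads `iptables-save` style text, and the sample ruleset and the `eth0` external interface are constructed for illustration.

```python
import shlex

# Constructed iptables-save style sample; eth0 as the external interface is an assumption.
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p icmp -m icmp --icmp-type 8 -j DROP
-A INPUT -i eth0 -p icmp -j ACCEPT
COMMIT
"""

ECHO = {"8", "8/0", "echo-request", "ping", "any"}
TERMINAL = {"ACCEPT", "DROP", "REJECT"}
UNDERSTOOD = {"-A", "-i", "-p", "-m", "--icmp-type", "--state", "--ctstate", "-j"}

def echo_verdicts(ruleset, iface):
    """List every verdict an inbound ICMP echo request on iface may receive."""
    policy, verdicts = "ACCEPT", []
    for line in ruleset.splitlines():
        if line.startswith(":INPUT "):
            policy = line.split()[1]
        if not line.startswith("-A INPUT "):
            continue
        tok = shlex.split(line)
        opts = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith("-")}
        if opts.get("-j") not in TERMINAL:
            continue  # LOG and jumps to user-defined chains are not followed
        dev = opts.get("-i", iface)
        state = opts.get("--state") or opts.get("--ctstate") or "NEW"
        negated = "!" in tok  # negated matches are treated as "may match"
        if not negated and (
            not (dev == iface or (dev.endswith("+") and iface.startswith(dev[:-1])))
            or opts.get("-p", "icmp") not in ("icmp", "all", "1")
            or opts.get("--icmp-type", "8") not in ECHO
            or "NEW" not in state.split(",")
        ):
            continue  # rule cannot match a new echo request on this interface
        verdicts.append(opts["-j"])
        if not negated and not set(opts) - UNDERSTOOD:
            return verdicts  # unconditional match ends the walk
    return verdicts + [policy]

def echo_filtered(ruleset, iface):
    """True only if no rule (or the chain policy) can ACCEPT the echo request."""
    return "ACCEPT" not in echo_verdicts(ruleset, iface)
```

Rules with match options the script does not understand (a rate limit, a source address) are counted as possible matches, so a rate-limited ACCEPT is reported as echo not being filtered.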