Introduction to Firestarter

Additional security through a simple interface


Short URL: http://fsmsh.com/2388



Most modern GNU/Linux distributions are secure with their default minimal installs, whether desktop or server, while some distributions are designed specifically with security in mind. However, any GNU/Linux distribution that needs services available to other users or systems will need either enhanced or configurable security. There are other situations in which added security is beneficial; for example, a large environment, while secure to the outside world, would be enhanced with additional security measures in place.

Network design

There are typically only a few types of networks in smaller environments. A single computer that communicates with the internet via a single cable modem or DSL line, or a single internet connection that is shared between multiple computers, are two examples (figure 1). Ideally, the internet connection is protected with a standalone firewall: either a firewall appliance or a dedicated GNU/Linux firewall such as IPCop. Due to cost, location or space concerns, the ideal is not always possible, and the firewall must then run on a single workstation, or on a multi-purpose workstation that acts as a gateway for the other systems. In a larger environment with multiple operating systems, some insecure by default, a personal firewall enhances security, especially if a workstation contains sensitive information.

Figure 1: Two network types

iptables is a tool—included as a standard part of GNU/Linux distributions—which is used to configure GNU/Linux firewalls. iptables can be configured manually, or with firewall configuration tools like Shorewall, Firestarter and various GUI front ends that are bundled with GNU/Linux distributions. These tools make configuring firewalls much simpler than the manual command line procedures, while giving you less granularity—a feature that may not be typically needed with less complex configurations.

Firestarter

According to the Firestarter web site, “Firestarter is an Open Source visual firewall program”. Primarily, Firestarter is a GUI front end for iptables that removes the complexity of setting up a simple firewall for workstations, laptops, and servers. Even though the web site indicates Firestarter could be used to configure a gateway or dedicated firewall, I would be hesitant to use a computer with a desktop environment in this manner. It would be preferable, and more secure, to use a firewall-oriented distribution for a standalone firewall. Additional features of Firestarter are: a configuration wizard, a real-time event monitor, an internet connection sharing configuration, a DHCP server configuration, and inbound and outbound access policies.

Installation

Software installation with most modern GNU/Linux distributions has become a nearly trivial task. As I still prefer the feedback of text based installs and the ease of not having to navigate through too many menus, installation of Firestarter is straightforward from the command line. On an Ubuntu system, access the terminal application through the desktop menu system, Applications→Accessories→Terminal. At the terminal prompt type sudo apt-get install firestarter; at the password prompt, enter your password. Note that APT will suggest an additional package, dhcp3-server, which would be used on a gateway system to provide DHCP services as well as the firewall. A similarly simple installation on a Fedora system uses the yum package manager, as root enter yum install firestarter.

You can also install Firestarter from the GUI; in Ubuntu, for example, run System→Administration→Synaptic Package Manager, and simply look for “Firestarter” in the search form. Keep in mind that the “Universe” repository needs to be enabled.

Once the installation is complete, from the desktop menu select System→Administration→Firestarter. The first time Firestarter is started, the configuration wizard is run. Since the firewall will be run as a privileged user, i.e. root, you will be prompted for your password. The configuration wizard takes you through a simple process to configure a basic firewall. You are first greeted with a welcome screen: click on the “Forward” button. The “Network Device Setup” dialog box displays the detected network devices and there are two check boxes (figure 2). The first check box is to start the firewall on dial-out; in other words, it will start the firewall while using the dial-up network connection. The second check box is to allow the system to receive an IP address from a DHCP server, for example through an ISP cable modem or DSL line, or the company DHCP server. Select the internet-side network device from the drop-down box; if you have only a single network device, as in this example, use the default eth0 device and click on the “Forward” button.

Figure 2: Network Device Setup dialog

Configuration options

The “Internet Connection Sharing” dialog box allows you to enable connection sharing, using the system as a gateway. If there is a second network device, it will be selected here as the local network side of the gateway. The checkbox in the dialog also allows you to enable a DHCP server on the local network. Since, in this example, there is only one network device, use the defaults and press the “Forward” button. The final dialog box, “Ready to start your firewall”, allows you to save the configuration and start the firewall; since this is what you want to do, click on the “Save” button (figure 3). This completes the initial configuration and the Firestarter Status Page displays (figure 4).

Figure 3: Starting the firewall
Figure 4: Firestarter Status Page

The first basic preference that should be set is the “Minimize to tray on window close” preference. This will display an icon in the system tray that indicates the status of the Firestarter firewall: running, stopped or locked. Locking the firewall disallows all incoming and outgoing network connections. To change the settings, in the Status Page menu select Edit→Preferences or click on the “Preferences” button. On the Interface section of the preferences dialog, enable the “Minimize to tray on window close” check box, then click on the “Accept” button.
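As an added illustration (not the article's text and not the rule set Firestarter itself generates), this script prints an iptables ruleset that expresses the wizard choices above, an internet-side device, a DHCP-assigned address and optional connection sharing to a second device, together with the tray lock; the interface names eth0 and eth1 and the rules themselves are assumptions.

```shell
#!/bin/sh
# Print (do not apply) an iptables ruleset for the wizard's choices: default-deny
# inbound on the internet-side interface, accept replies to connections the host
# started, optionally accept DHCP leases, optionally share the connection to an
# internal interface. Illustrative only; interface names are assumptions.
# Usage: firewall_rules EXT_IFACE yes|no [INT_IFACE]
firewall_rules() {
    ext="$1"; dhcp="$2"; int="$3"
    cat <<EOF
iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
    # DHCP offers arrive as UDP 67 -> 68 before any connection state exists.
    if [ "$dhcp" = yes ]; then
        echo "iptables -A INPUT -i $ext -p udp --sport 67 --dport 68 -j ACCEPT"
    fi
    # Connection sharing: trust the LAN side, forward it out, masquerade it.
    if [ -n "$int" ]; then
        cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -A INPUT -i $int -j ACCEPT
iptables -A FORWARD -i $int -o $ext -j ACCEPT
iptables -A FORWARD -i $ext -o $int -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $ext -j MASQUERADE
EOF
    fi
}

# The tray "lock": flush everything and drop traffic in both directions.
lock_rules() {
    cat <<EOF
iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
EOF
}

# Stand-alone use: the article's single-device case with a DHCP-assigned address.
firewall_rules eth0 yes
```

Run the printed commands as root only after reading them; the script deliberately prints rather than applies them.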

Viewing events

Possibly one of the nicest features of Firestarter is the ability to view real time events via the Events Page. To view these events click on the “Events” tab on the Status Page (figure 5). By default, five (time, port, source, protocol and service) of eleven columns are displayed in the event view. The columns are customizable under the “Show Column” section of the “Events” menu item. Events are color coded by severity:

  • gray for harmless events (e.g. broadcasts)
  • black for regular connection attempts to a random port
  • red for possible attempts to reach non-public services
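As an added example (not code from the article or from Firestarter), this script applies the three severity classes above to constructed iptables LOG lines of the kind the events view is built from; the list of ports it treats as non-public is an assumption, not Firestarter's own classification.

```shell
#!/bin/sh
# Colour-code kernel LOG lines the way the events view does. The log lines are
# constructed samples; the "non-public" port list is an assumption for this
# example, not Firestarter's own rules.
NONPUBLIC_PORTS="22 23 135 139 445 3306"

# classify_event LINE -> prints gray | black | red
classify_event() {
    dst=""; dpt=""
    for field in $1; do
        case "$field" in
            DST=*) dst="${field#DST=}" ;;
            DPT=*) dpt="${field#DPT=}" ;;
        esac
    done
    # Broadcast or multicast destinations are harmless background noise.
    case "$dst" in
        *.255|255.255.255.255|224.*|239.*) echo gray; return 0 ;;
    esac
    # A hit on a service that should not be exposed deserves attention.
    for port in $NONPUBLIC_PORTS; do
        if [ "$dpt" = "$port" ]; then echo red; return 0; fi
    done
    echo black
}

# Constructed sample lines in the iptables LOG target's key=value format.
BROADCAST="kernel: Inbound IN=eth0 OUT= SRC=192.168.1.20 DST=192.168.1.255 PROTO=UDP SPT=138 DPT=138"
RANDOM_PORT="kernel: Inbound IN=eth0 OUT= SRC=203.0.113.7 DST=192.168.1.10 PROTO=TCP SPT=40001 DPT=51234"
SSH_PROBE="kernel: Inbound IN=eth0 OUT= SRC=198.51.100.9 DST=192.168.1.10 PROTO=TCP SPT=44321 DPT=22"

for line in "$BROADCAST" "$RANDOM_PORT" "$SSH_PROBE"; do
    echo "$(classify_event "$line")  $line"
done
```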


Copyright information

This article is made available under the "Attribution-NonCommercial" Creative Commons License 3.0 available from http://creativecommons.org/licenses/by-nc/3.0/.

Biography

Ken Leyba: Ken has been working in the IT field since the early 80's, first as a hardware tech whose oscilloscope was always by his side, and currently as a system administrator. Supporting both Windows and Linux, Windows keeps him consistently busy while Linux keeps his job fun.


I use smoothwall

Submitted by Felipe Alvarez (not verified) on Mon, 2007-08-27 16:49.


I have a very old pentium celeron 300MHz that was lying around. One day I decided to turn it into a dedicated firewall/router.

I downloaded smoothwall from www.smoothwall.org and proceeded to install it. Believe it or not, it runs better than my Linksys wireless G router. It has MORE CPU power, more RAM, a larger hard drive, and includes a swap partition that my Linksys router doesn't have.

I still use my Wireless router, but only for wireless connectivity now. My father downloads a lot of files, and so our Linksys was getting bogged down.

No more problems, now with smoothwall installed. I recommend that you check it out.

ps - smoothwall deletes everything on your hard drive during installation - BE AWARE!


What rules are created

Submitted by PedroB on Mon, 2007-09-03 17:26.


Thank you for your presentation.
However, I think you missed an important thing: what do you think about the iptables rules that Firestarter created?

I switched to iptables only due to the fact that I didn't quite understand what Firestarter was doing, once I read about using iptables itself.
