Previous The status page Index The policy page Next

The events page

The events page

The events page shows the history of connections blocked by the firewall. As such, there is no need to act upon the entries. There are however many actions you can apply to the entries of denied connections, these then affect how the firewall will treat similar traffic in the future.

Firestarter color codes the entries according to how much attention you should pay them:

The event list

A number of data is gathered for each blocked connection. By default only a subset of these are shown, you can add more through the Events->Show Column menu.

The data columns available are:

By right-clicking on an event entry and selecting Lookup Hostnames from the context menu, the source and destination IP addresses can be converted into human readable hostnames.

The currently loaded list can be saved to disk in a human readable format through the save button on the toolbar.

The clear button will erase the currently visible events, while the reload button will load the entire firewall history from disk. Most Linux distributions will eventually rotate the logs in order to keep them from growing indefinitely, there is no need to purge the log manually. If the reloading of the events history is taking a very long time, it is possible to cancel the operation from the toolbar.

Acting on the event entries

Each entry in the list of blocked connections has a context sensitive menu associated with it, accessed by the right mouse button. These actions change how the firewall will treat a similar connection the next time it sees it. The actions act as shortcuts for manipulating the policy system, what they really do is create new rules on the policy page. Depending on the type of event entry you are invoking the context menu on, you are presented with different actions.

The actions for the inbound entries are:

The actions for the outbound entries are:

Outbound entries generally only show up when you have restrictive outbound policy.

Filtering the events

Besides the policy actions available in the context menu for the event entries, there are also two options that help to manage the list itself. These are Disable Events from Source and Disable Events on Port.

As the names says, these options disable events from specific sources or on selected ports respectively. Selecting one of these options will therefore keep events matching the criteria of the list. Note that this has no effect on whether the connection is in fact blocked or not.

The list of currently filtered sources and ports can be found in the preferences.

Previous The status page Index The policy page Next