
Persistence of the firewall

A frequently asked question is: what is the state of the firewall when you are not running the Firestarter program? The answer is that it depends. If you installed Firestarter from a binary package such as RPM or Deb, the firewall will be running all the time (dial-up users excluded) and independently of the graphical interface, even after a reboot. In these cases the firewall is registered as a system service and can be manipulated using the standard Linux system service and runlevel management tools.

If you compiled and installed Firestarter from source and are using a Fedora, Red Hat, SuSE or Mandrake based Linux distribution, you have the option of installing a system init script. See the installation instructions on how to do so. Other distributions include their own customized init scripts in the Firestarter binary packages they provide. Once the init script is installed and activated, Firestarter is running as a system service.

If you compiled from source and are not using an init script, the firewall is active from the moment you run Firestarter until the next reboot. See the notes below about starting the firewall manually for ways to increase your firewall coverage.

In addition to the behaviors described above, the use of a DHCP daemon further extends the coverage. When the network device bound to the DHCP service is assigned an IP address (either when connecting for the first time or on a lease renewal), the firewall is either started or refreshed. Note that this occurs even if the firewall was stopped, either from the Firestarter program or from the init scripts. Currently this service is provided when using either the DHCPD or dhclient programs (this covers pretty much any modern distribution). When using DHCP it is therefore not strictly necessary to have an init script.

The System Init Scripts

Firestarter comes with a SysV style init script for managing the firewall. The script provides the following functions:

See the manual entry for the status page for information about the various firewall states.

The functions can be invoked by appending them as parameters to the script. For example, on a Red Hat / Mandrake distribution you can start the firewall by running /etc/init.d/firestarter start. Most distributions also include tools, like chkconfig, to manage the service scripts. These tools allow you to change the boot priority and many other parameters of the services.
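A quick way to check which of the situations described on this page applies to a given machine, as an added example that is not part of Firestarter or its documentation. It assumes the SysV start-link naming (S<priority>firestarter in the runlevel directories) and that the firewall's rules are loaded through iptables; the function names and sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of Firestarter. Reports whether the firewall is
# started at boot and whether a ruleset is loaded right now.

# boot_coverage ROOT   (ROOT is the filesystem root, "" for the live system)
#   Prints: enabled | installed-not-enabled | no-init-script
boot_coverage() {
    root=$1
    [ -e "$root/etc/init.d/firestarter" ] || { echo no-init-script; return; }
    # SysV start links are named S<priority><service> in the runlevel
    # directories; Red Hat style systems keep those under /etc/rc.d.
    for link in "$root"/etc/rc[2-5].d/S[0-9][0-9]firestarter \
                "$root"/etc/rc.d/rc[2-5].d/S[0-9][0-9]firestarter; do
        if [ -e "$link" ] || [ -L "$link" ]; then
            echo enabled
            return
        fi
    done
    echo installed-not-enabled
}

# ruleset_state: reads `iptables -S` output on stdin.
#   Prints "open" when INPUT has policy ACCEPT and no rules (kernel default,
#   nothing filters inbound traffic), "unknown" on empty input, else "filtering".
ruleset_state() {
    awk '
        $1 == "-P" && $2 == "INPUT" { policy = $3 }
        $1 == "-A" && $2 == "INPUT" { rules++ }
        END {
            if (policy == "") print "unknown"
            else if (policy == "ACCEPT" && rules == 0) print "open"
            else print "filtering"
        }'
}

# Constructed samples of `iptables -S` output (not captured from a real host).
SAMPLE_OPEN='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT'
SAMPLE_FILTERING='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT'

# Live check (needs root for iptables): sh fwcheck.sh --live
if [ "${1:-}" = "--live" ]; then
    echo "boot coverage: $(boot_coverage "")"
    echo "ruleset now:   $(iptables -S | ruleset_state)"
fi
```

A result of "open" on a machine without an enabled init script means inbound traffic is unfiltered until Firestarter is run or a DHCP event starts the firewall.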

Managing the Firewall Manually From the Console

The Firestarter program accepts a number of command line parameters for manipulating the firewall. Run firestarter --help for the complete list of options. If you installed from RPM, make sure you're running /usr/sbin/firestarter and not /usr/bin/firestarter, as the latter is merely a wrapper.

Dial-up Issues

The firewall must be started after you have established your connection to your ISP. In the Firestarter wizard there is an option to automatically start the firewall on dial-out. This option does not work with some dialers. For example, if you are using the kppp dialer application you will have to set up the dialer to start the firewall after a connection is established. Kppp includes an option to launch scripts when a connection is established which does the job nicely.
