The Firestarter preferences dialog holds many options that control the behavior of the graphical interface and the firewall. To access the preferences, either click the button on the toolbar of the status page or use the Edit->Preferences menu entry.
The preferences are divided into two categories; options that change the interface and options that affect the firewall.
The interface options are further divided into three sections, general interface options and options for the events and policy pages.
Enable tray icon. When this option is enabled, Firestarter will display a notification icon in the system tray. The icon shows the same state information as on the status page. It will also flash when a new event occurs. Clicking the icon causes the Firestarter main window to hide or reveal itself.
Minimize to tray on window close. This option is meant to be used together with the tray icon option. When enabled, instead of exiting the application when you close the window, the application is hidden from view but actually continues to run in the background. This is similar to how many instant messengers work. The idea is that you do not want the Firestarter window on your desktop all the time, but you still want get alerts when something happens.
These options control aspects of the events page.
Skip redundant entries. With this option enabled, the list of blocked connections on the events page will filter out identical consecutive events.
Skip entries where the destination is not the firewall. When enabled, this option causes the program to perform a comparison between the firewall's IP and the destination of the blocked connection. If the two do not match, the entry is not shown in the list. This is useful in a few situations, such as when you have disabled the filtering of broadcast events, but still do not want to see them reported.
This page also contains two lists of hosts and ports that are filtered out from the blocked connections list. When you right-click on an entry on the events page and choose Disable Event, the port or source of the entry is added here. Ports and hosts listed here are kept out of the actual firewall event log files, unlike the two previous options which merely hide some of them from view.
The firewall options control some of the more advanced firewalling functions, as well as the choices you made in the initial wizard.
Start/restart firewall on program startup. With this option checked, Firestarter forces a reload of the firewall when you start the graphical interface.
Start/restart firewall on dial-out. This option adds the firewall service to the list of programs to run when a dial-up connection is established. It ensures the firewall is properly restarted when you are assigned a new IP address.
Start/restart firewall on DHCP lease renewal. This option causes the firewall to be restarted when your service provider issues you a new IP address.
The options related to the network settings allow you choose the network devices associated with your Internet connection and internal network, if you have one. All network devices in the computer are automatically detected, you only have to choose one from the drop down list of available choices.
Enable Internet connection sharing. This option allows you share the firewall's Internet connection with the other machines on the local network. For more information, please see the chapter on Internet connection sharing.
Enable DHCP for the local network. DHCP is a network service that allows for automatic distribution of the network settings to computers on your local network. For in detail information about configuring the DHCP service, see configuring the DHCP server.
By default Firestarter allows ICMP traffic, although it throttles it somewhat to prevent excessive flooding or Denial of Service attacks. By enabling ICMP filtering you can block these services altogether. Note that blocking a certain ICMP type also prevents you from using it yourself.
Firestarter allows control of the following ICMP types:
Type of Service filtering allows the firewall in some cases to increase the throughput or reliability for certain applications. It does this by re-prioritizing the traffic. Type of Service prioritization needs to be supported by the network you connect to, in practice this limits the area of effect to local networks.
Firestarter can prioritize the traffic for typical workstation and server tasks. Additionally, applications running remotely over the X Window system can be also prioritized. Either the total throughput, connection reliability or the application interactivity can be maximized for the selected work tasks.
The advanced options are mainly for the experienced user.
Preferred packet rejection method. Firestarter can either reject or drop connections that are not allowed by the security policy. When the firewall rejects a connection, it sends an error packet to the source telling it the connection was denied. Dropping a connecting on the other hand does nothing. In this case the source of the denied connection is non the wiser, in some cases it is even impossible to tell whether there is a machine at the firewall's IP at all. Since rejecting connections allows the remote party to map the network services as well as waste your bandwidth, we recommend you keep the default behavior of dropping connections silently.
Block broadcast traffic. This option blocks all network traffic with a destination or source address that marks it as either a global or local broadcast.