Previous Firestarter in a nutshell Index Installation Next

A quick tutorial

Starting Firestarter

After downloading and installing Firestarter, you will find the Firestarter icon in your desktop's programs menu. For example, in Fedora Core the Firestarter icon is located in the System tools menu. Alternatively you can run the program by simply executing "firestarter" from either a command line or from the Run Application... dialog (accessed by pressing Alt-F2).

Password prompt

Unless you are already logged in as root, you will be prompted for your root user password when starting Firestarter as a regular user.

Running Firestarter for the first time

Since you are running Firestarter for the first time, a wizard is launched. Following the welcome screen, you will be asked to select your network device from a list of detected choices for your machine. In case you have multiple devices, select the one that provides your Internet connection, otherwise you can use the default supplied.

In case your machine has multiple devices and can act as a gateway for your network, you will next have the option of sharing your Internet connection among all the computers on your local network. Again, simply select the local network connected device from the list of detected devices. If you wish for the clients to acquire their network settings automatically, simply check the option to Enable DHCP for local network.

Having completed the wizard, click the save button on page final page. The firewall is now ready and running, and your machine has an added layer of security. Firestarter now works in its default mode, which is a restrictive policy for incoming traffic and a permissive stance towards outgoing connections. This means you are fully protected against connection attempts from the outside, but are still able to browse the web, read your email, etc. as normal. There is no need to further configure Firestarter if you are satisfied with these defaults.

Read more about the wizard.

Trying out the Firestarter interface

The main Firestarter application

Let's take a quick look at some of the features of the program itself. The application is divided into three pages, accessed through a tabbed notebook interface. These pages are Status, giving you an fast overview of state the firewall, Events, where blocked intrusion attempts and the firewall history is shown, and Policy, where you alter the behavior of the firewall by creating security policy.

From the Status page where you start out you can further access the preferences where you can change your network settings, as well as enable advanced options such as ICMP or ToS filtering. For now, let's take a look at the Events page.

Reacting to events

On the events page you will see all connections that the firewall has terminated since you started the program. By pressing the reload button you can also import all the previous events as recorded in the system log. This is really the core of the Firestarter program. Firestarter starts out in a restrictive mode, providing complete protection against incoming intrusions. That means that if you are running a legitimate service on your machine, for example a web server or SSH, connections to these services will also be stopped and recorded here at first.

Traditional firewalls will have you scrambling for the settings and configuration files at this point. However, when you see a connection attempt that you want to authorize, you simply right-click the entry in Firestarter and select "Allow inbound service for everyone". If you want to give access to the machine that is attempting the connection, but without even letting anyone else know that you're running the service in question, select "Allow inbound service for source". This is known as stealthing and can be a very powerful tool.

Creating policy

The previous example of enabling the service could also have been accomplished from the Policy page. However, it is not just a gimmick, in reality you will want to create policy from events often for maximum security. By opening services to select machines only after the connection attempt, as shown above, you effectively minimize your exposure on the net. It's also very convenient.

Let's take a look at a legitimate reason to resort to the Policy page. Say Firestarter is running on your gateway, doing Internet connection sharing for your local network. On your local network you have a desktop, on which you wish to use the BitTorrent application. In the BitTorrent manual it tells you to "forward ports 6881-6889 from your firewall". With Firestarter this kind of setup is a piece of cake. Select the Policy page, right click on the list marked Forward service and select Add rule. You will be presented with a dialog for creating a new policy rule. Select BitTorrent from the service drop-down, fill in the IP of the client and you're done. Click the Apply Policy button to apply the changes.

Of course, that's only scratching the surface of what the Policy page can do. Another powerful feature is the ability to restrict outgoing traffic. For more information, refer the section on working with outbound policy.

Quitting the program

A frequently asked is question is, what happens when you quit the program. The answer is that the firewall will keep functioning. If you are running Firestarter as a system service, which is automatically set up for you when installing Firestarter from a binary package, the firewall is in many cases even running before you start the program.

Previous Firestarter in a nutshell Index Installation Next