How to configure Firestarter firewall on Zenwalk 6.2

This is the first preferences screen you’ll see. The options on this screen ensure that if you close Firestarter, it keeps running in the background and an icon is placed in the system tray. Click Accept.
Note: The version of Firestarter on Zenwalk 6.2 appears to be very unstable: the application crashed repeatedly while writing this tutorial, and the icon could only stay in the system tray for two minutes or less. But, if it will warm your heart, even if the application crashes, the firewall will still be running in the background.

With the options on this screen, you can determine how and what to log. You may choose to not log events for certain hosts or to specific ports, but it is always a good practice to keep an eye on every event hitting your PC. Better to accept the default unless you know what you are doing.

You of course want any policy changes you make to take effect immediately. Accept.

If you are on a high-speed Internet connection, ignore the second option on this screen, and leave the first and third options checked. The third option forces the firewall to be reloaded when your PC renews and gets a new IP address from its DHCP server, which in this case is the DSL modem. The first option forces a reload of the firewall when the program starts up.

Nothing should be modified on this screen, but if you want the PC to serve as a gateway for other devices on the local network, click the check box next to Enable Internet connection sharing. Enable DHCP for the local network only if the first option is enabled.

By default, Firestarter is configured to allow ICMP traffic, with throttling in effect. ICMP (Internet Control Message Protocol, defined in RFC 792) is part of the Internet Protocol Suite. It is used for out-of-band error reporting (messaging) pertaining to network operations. If you have no idea what ICMP is, don’t mess with the option(s) on this screen. However, if you want to disallow certain ICMP traffic from hitting this PC, see the section (next page) on “More on ICMP Filtering”. Accept.

If you intend for certain network traffic to get higher priority than others, enable the Type of Service filtering. Since this is a desktop PC, and not a gateway, better to just accept the default. Traffic prioritization is better handled at the network level.

This is the last preferences screen, and here is where you tell Firestarter how to handle packets with negative intentions, broadcast traffic, and traffic from reserved addresses. Accepting the default here is recommended. With regard to bad packets (that is, packets the firewall has been configured not to allow through), it’s better to have the firewall silently drop them, that is, not send a response back to the source. Rejecting a packet sends a rejection notice to the probing host, in effect telling it what it wants to know. This is not a good idea.

If the PC, as in this example, has only one (active) network interface card, the “block broadcast traffic from external interface” option will have no effect (in theory, this PC has no true external interface), but it is still safe to enable it. However, you do not want to block broadcast traffic from the internal network, that is, from your LAN.

For the last option (Traffic Validation), you should leave it unchecked since most of the traffic coming from the DSL modem into the PC will be in the Private (reserved) address category.
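
The choices made on the last few screens (throttled ICMP, silent drop instead of reject, reserved-address validation left off) can be written out as plain iptables rules. The script below is an added example, not the ruleset Firestarter itself generates; the chain layout, the function name `gen_rules` and the 10 packets/second ICMP rate are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration: prints an iptables-restore ruleset that mirrors the
# choices made on the preference screens. It is NOT Firestarter's own output;
# the chain layout and the ICMP rate are assumptions.

# gen_rules DENY_MODE BLOCK_RESERVED
#   DENY_MODE      drop   -> discard silently (the tutorial's choice)
#                  reject -> answer the sender with an ICMP error
#   BLOCK_RESERVED yes|no -> filter RFC 1918 source addresses
gen_rules() {
    deny_mode=$1
    block_reserved=$2

    case $deny_mode in
        drop)   deny='-j DROP' ;;
        reject) deny='-j REJECT --reject-with icmp-port-unreachable' ;;
        *)      echo "unknown deny mode: $deny_mode" >&2; return 1 ;;
    esac

    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'

    # Behind a DSL modem the LAN itself is RFC 1918 space, so enabling this
    # would discard the modem's own traffic (DHCP offers, DNS replies).
    if [ "$block_reserved" = yes ]; then
        for net in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do
            echo "-A INPUT -s $net -j DROP"
        done
    fi

    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'

    # ICMP stays allowed but throttled; packets over the rate fall through.
    echo '-A INPUT -p icmp -m limit --limit 10/second -j ACCEPT'

    # Everything not accepted above gets the chosen treatment.
    echo "-A INPUT $deny"
    echo 'COMMIT'
}

# Print the variant that matches the tutorial's settings.
gen_rules drop no
```

The output can be checked without loading it by piping it to `iptables-restore --test` as root.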

That should do it for setting up and configuring Firestarter on Zenwalk 6.2. The next section covers ICMP filtering in a little bit more detail.
