
How to configure Firestarter firewall on Zenwalk 6.2

This is the first preferences screen you’ll see. The options on this screen will ensure that if you close Firestarter, it will still be running in the background and an icon will be placed in the system tray. Click Accept.
Note: The version of Firestarter on Zenwalk 6.2 appears to be very unstable: The application crashed repeatedly while writing this tutorial, and the icon could only stay in the system tray for two minutes or less. But, if it will warm your heart, even if the application crashes, the firewall will still be running in the background.

With the options on this screen, you can determine how and what to log. You may choose to not log events for certain hosts or to specific ports, but it is always a good practice to keep an eye on every event hitting your PC. Better to accept the default unless you know what you are doing.

You of course want any policy changes you make to take effect immediately. Accept.

If you are on a high-speed Internet connection, ignore the second option on this screen, and leave the first and third options checked. The third option forces the firewall to be reloaded when your PC renews and gets a new IP address from its DHCP server, which in this case is the DSL modem. The first option forces a reload of the firewall when the program starts up.


Nothing should be modified on this screen, but if you want the PC to serve as a gateway for other devices on the local network, click the check box next to Enable Internet connection sharing. Enable DHCP for the local network only if the first option is enabled.
[Screenshot: network]

By default, Firestarter is configured to allow ICMP traffic, with throttling in effect. ICMP (Internet Control Message Protocol – defined in RFC 792) is part of the Internet Protocol Suite. It is used for out-of-band error reporting (messaging) pertaining to network operations. If you have no idea what ICMP is, don’t mess with the option(s) on this screen. However, if you want to disallow certain ICMP traffic from hitting this PC, see the section (next page) on “More on ICMP Filtering”. Accept.
[Screenshot: ICMP filtering]

If you intend for certain network traffic to get higher priority than others, enable the Type of Service filtering. Since this is a desktop PC, and not a gateway, better to just accept the default. Traffic prioritization is better handled at the network level.
[Screenshot: ToS filtering]

This is the last preferences screen, and here is where you tell Firestarter how to handle packets with negative intentions, broadcast traffic, and traffic from reserved addresses. Accepting the default here is recommended. With regard to bad packets (that is, packets the firewall has been configured not to allow through), it’s better to have the firewall silently drop them, that is, not send a response back to the source. Rejecting a packet sends a rejection notice to the probing host, in effect telling it what it wants to know. This is not a good idea.


If the PC, as in this example, has only one (active) network interface card, the option to block broadcast traffic from the external interface will have no effect (in theory, this PC has no true external interface), but it is still safe to enable it. However, you do not want to block broadcast traffic from the internal network, that is, from your LAN.

For the last option (Traffic Validation), you should leave it unchecked since most of the traffic coming from the DSL modem into the PC will be in the Private (reserved) address category.
[Screenshot: advanced options]
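Because the GUI can crash while the firewall keeps running, it is worth checking the loaded rules directly. The script below is an added example, not part of the original tutorial or of Firestarter: it audits a ruleset in `iptables-save` format for the three settings discussed above (silent drop versus reject, ICMP throttling, logging). The sample ruleset is constructed for illustration and the function names are hypothetical; it assumes Firestarter's policy is loaded as ordinary iptables rules in the `filter` table.

```python
import shlex
import sys

# Constructed sample in iptables-save format; not captured from Firestarter.
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -m limit --limit 10/sec -j ACCEPT
-A INPUT -j LOG --log-prefix "Inbound "
-A INPUT -j DROP
COMMIT
"""


def audit_input_chain(ruleset):
    """Summarise how the filter table's INPUT chain treats unwanted traffic."""
    report = {"policy": None, "final_action": None,
              "icmp_throttled": False, "logs_before_block": False}
    in_filter = False
    for line in ruleset.splitlines():
        line = line.strip()
        if line.startswith("*"):                     # table header, e.g. *filter
            in_filter = line == "*filter"
        elif in_filter and line.startswith(":INPUT "):
            report["policy"] = line.split()[1]       # chain default policy
        elif in_filter and line.startswith("-A INPUT "):
            args = shlex.split(line)                 # honours quoted log prefixes
            target = args[args.index("-j") + 1] if "-j" in args else None
            catch_all = len(args) > 2 and args[2] == "-j"   # no match criteria
            if "icmp" in args and "limit" in args and target == "ACCEPT":
                report["icmp_throttled"] = True
            elif catch_all and target == "LOG" and report["final_action"] is None:
                report["logs_before_block"] = True
            elif catch_all and target in ("DROP", "REJECT"):
                report["final_action"] = report["final_action"] or target
    return report


def silently_drops(report):
    """True when unmatched inbound packets get no reply (DROP, not REJECT)."""
    return (report["final_action"] or report["policy"]) == "DROP"


if __name__ == "__main__":
    text = SAMPLE_RULES if sys.stdin.isatty() else sys.stdin.read()
    print(audit_input_chain(text))
```

To audit the live ruleset, pipe the output of `iptables-save` (run as root) into the script. A policy of `ACCEPT` with no final action indicates the firewall rules are not loaded.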

That should do it for setting up and configuring Firestarter on Zenwalk 6.2. The next section covers ICMP filtering in a little bit more detail.
