This is the first preferences screen you’ll see. The options on this screen will ensure that if you close Firestarter, it will still be running in the background and an icon will be placed in the system tray. Click Accept.
Note: The version of Firestarter on Zenwalk 6.2 appears to be very unstable: the application crashed repeatedly while writing this tutorial, and the icon could only stay in the system tray for two minutes or less. But, if it will warm your heart, even if the application crashes, the firewall will still be running in the background.
With the options on this screen, you can determine how and what to log. You may choose to not log events for certain hosts or to specific ports, but it is always a good practice to keep an eye on every event hitting your PC. Better to accept the default unless you know what you are doing.
You of course want any policy changes you make to take effect immediately. Accept.
If you are on a high-speed Internet connection, ignore the second option on this screen, and leave the first and third options checked. The third option forces the firewall to be reloaded when your PC renews its lease and gets a new IP address from its DHCP server, which in this case is the DSL modem. The first option forces a reload of the firewall when the program starts up.
Nothing should be modified on this screen, but if you want the PC to serve as a gateway for other devices on the local network, click the check box next to Enable Internet connection sharing. Enable DHCP for the local network only if the first option is enabled.
By default, Firestarter is configured to allow ICMP traffic, with throttling in effect. ICMP (Internet Control Message Protocol – defined in RFC 792) is part of the Internet Protocol Suite. It is used for out-of-band error reporting (messaging) pertaining to network operations. If you have no idea what ICMP is, don’t mess with the option(s) on this screen. However, if you want to disallow certain ICMP traffic from hitting this PC, see the section (next page) on “More on ICMP Filtering”. Accept.
If you intend for certain network traffic to get higher priority than others, enable the Type of Service filtering. Since this is a desktop PC, and not a gateway, better to just accept the default. Traffic prioritization is better handled at the network level.
This is the last preferences screen, and here is where you tell Firestarter how to handle packets with negative intentions, broadcast traffic, and traffic from reserved addresses. Accepting the default here is recommended. With regard to bad packets (that is, packets it has been configured to not allow through), it’s better to have the firewall silently drop them, that is, not send a response back to the source. Rejecting a packet sends a rejection notice to the probing host, in effect telling it what it wants to know. This is not a good idea.
If the PC, as in this example, has only one (active) network interface card, the option to block broadcast traffic from the external interface will have no effect (in theory, this PC has no true external interface), but it is still safe to enable it. However, you do not want to block broadcast traffic from the internal network, that is, from your LAN.
For the last option (Traffic Validation), you should leave it unchecked since most of the traffic coming from the DSL modem into the PC will be in the Private (reserved) address category.
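Firestarter is a front end to iptables, so the two choices discussed above (dropping silently instead of rejecting, and keeping ICMP throttled) can be checked against a rule listing. The script below is an added example, not part of the original tutorial and not Firestarter's own code; the sample rules are constructed, the function names are hypothetical, and it assumes the rules of interest sit in the INPUT chain.

```shell
#!/bin/sh
# Constructed sample in `iptables -S` format (not captured from Firestarter).
SAMPLE_RULES='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -m limit --limit 10/sec -j ACCEPT
-A INPUT -p tcp -m tcp --dport 113 -j REJECT --reject-with tcp-reset
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -j DROP'

# Default policy of the INPUT chain (ACCEPT or DROP).
input_policy() {
    printf '%s\n' "$1" | awk '$1 == "-P" && $2 == "INPUT" { print $3 }'
}

# INPUT rules that send a rejection notice back instead of dropping silently.
rejecting_rules() {
    printf '%s\n' "$1" | grep -E '^-A INPUT .*-j REJECT' || true
}

# INPUT rules that accept ICMP with no rate limit (throttling) attached.
unthrottled_icmp() {
    printf '%s\n' "$1" | grep -E '^-A INPUT .*-p icmp.*-j ACCEPT' \
        | grep -v -- '-m limit' || true
}

# Print one WARN line per finding; print nothing for a clean rule set.
audit() {
    rules=$1
    [ "$(input_policy "$rules")" = "DROP" ] \
        || echo "WARN: INPUT default policy is not DROP"
    rejecting_rules "$rules" | sed 's/^/WARN: replies to sender: /'
    unthrottled_icmp "$rules" | sed 's/^/WARN: ICMP not throttled: /'
}

# On a live system, run as root: audit "$(iptables -S)"
audit "$SAMPLE_RULES"
```

On the constructed sample it reports the REJECT rule on port 113 and the unthrottled ICMP echo rule.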
That should do it for setting up and configuring Firestarter on Zenwalk 6.2. The next section covers ICMP filtering in a little bit more detail.