[Firestarter-user] Firewall not persistent
From: The C. <the...@ho...> - 2006-09-26 11:53:15
I have posted a bug report on this to both Ubuntu and Firestarter to no avail, so I am turning to this community for help.

I run Ubuntu 6.06, i386, on a plain vanilla Pentium machine, up to date as of Sep 9, 2006. I installed Firestarter through the Synaptic package manager.

The firewall generated by Firestarter is not persistent. After starting Firestarter through its GUI interface and setting it up for my wired eth0 interface, doing

    sudo iptables -L -n

gives:

    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    LSI        all  --  0.0.0.0/0            0.0.0.0/0

    Chain INPUT (policy DROP)
    target     prot opt source               destination
    ACCEPT     tcp  --  192.168.0.1          0.0.0.0/0           tcp flags:!0x17/0x02
    ACCEPT     udp  --  192.168.0.1          0.0.0.0/0
    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           limit: avg 10/sec burst 5
    DROP       all  --  0.0.0.0/0            255.255.255.255
    DROP       all  --  0.0.0.0/0            192.168.0.255
    DROP       all  --  224.0.0.0/8          0.0.0.0/0
    DROP       all  --  0.0.0.0/0            224.0.0.0/8
    DROP       all  --  255.255.255.255      0.0.0.0/0
    DROP       all  --  0.0.0.0/0            0.0.0.0
    DROP       all  --  0.0.0.0/0            0.0.0.0/0           state INVALID

and so on, showing that indeed there is a firewall.

Restarting the computer and doing again

    sudo iptables -L -n

will give

    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination

i.e. there are no firewall rules, everything is set to ACCEPT. The firewall rules will reappear only if Firestarter is restarted either through its GUI interface or through the command line and will persist until Firestarter is stopped or the computer is rebooted.

From the manual, users would expect the firewall rules to be persistent, if Firestarter was installed through a package. Also, it is often stated in the Ubuntu forum that Firestarter is "merely" a pretty front end to iptables, and that once the rules are created, these are persistent. Well, not so in my case.

The above is reproducible on two different machines. There is at least one other sufferer at:

http://www.ubuntuforums.org/showthread.php?t=254906&highlight=firestarter

This is a serious security risk if an unaware user has any service running facing the internet and believes themselves to be protected by a persistent firewall.

In summary, the firewall established by Firestarter is not persistent in my case, although I would expect it to be from the manual and the Ubuntu forums. After a reboot, the firewall rules are set to accept everything until Firestarter is started through its GUI.

Any help or comments would be appreciated.
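
The check below is an added example, not part of the original message or of Firestarter: it parses `iptables -L -n` output and reports chains left at policy ACCEPT with no rules, the post-reboot state described above. Both sample listings are constructed (the second is an abbreviated loaded rule set), and the function names are illustrative.

```python
import re

# Constructed sample: the post-reboot listing quoted in the message above.
AFTER_REBOOT = """\
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
"""

# Constructed sample: abbreviated listing with a rule set loaded.
FIREWALL_UP = """\
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  192.168.0.1          0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           limit: avg 10/sec burst 5

Chain INBOUND (1 references)
target     prot opt source               destination
"""

# Built-in chains print "(policy X)"; user-defined chains print "(N references)".
CHAIN_RE = re.compile(r"^Chain (\S+) \((?:policy (\w+)|\d+ references)")

def parse_listing(text):
    """Return {chain: {"policy": str or None, "rules": int}} for a listing."""
    chains, current = {}, None
    for line in text.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            current = m.group(1)
            chains[current] = {"policy": m.group(2), "rules": 0}
        elif current and line.strip() and not line.startswith("target"):
            chains[current]["rules"] += 1  # any non-header line is one rule
    return chains

def unprotected_chains(text):
    """Chains that filter nothing: default policy ACCEPT and zero rules."""
    return sorted(name for name, c in parse_listing(text).items()
                  if c["policy"] == "ACCEPT" and c["rules"] == 0)

if __name__ == "__main__":
    print(unprotected_chains(AFTER_REBOOT), unprotected_chains(FIREWALL_UP))
```

Run against the live output after boot, a result that includes INPUT means no inbound filtering is in place yet.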