[Firestarter-user] Firewall not persistent

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

I have posted a bug report on this to both Ubuntu and Firestarter to no ava=
il, so I am turning to this community for help.

I run Ubuntu 6.06, i386, on a plain vanilla pentium machine, up to date as =
of Sep 9, 2006. I installed Firestarter through the synaptic package manage=
r.

The firewall generated by Firestarter is not persistent. After starting
Firestarter through its GUI interface and setting it up for my wired
eth0 interface, doing

            sudo iptables -L -n

gives:

      Chain INPUT (policy ACCEPT)
      target prot opt source destination

      ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHEDfaces
      LSI all -- 0.0.0.0/0 0.0.0.0/0

      Chain INPUT (policy DROP)
      target prot opt source destination
      ACCEPT tcp -- 192.168.0.1 0.0.0.0/0 tcp flags:!0x17/0x0 2
      ACCEPT udp -- 192.168.0.1 0.0.0.0/0
      ACCEPT all -- 0.0.0.0/0 0.0.0.0/0faces
      ACCEPT all -- 0.0.0.0/0 0.0.0.0/0Chain INPUT (policy ACCEPT)
      target prot opt source destination

      Chain OUTPUT (policy ACCEPT)
      target prot opt source destination
      ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 10/sec b urst 5
      DROP all -- 0.0.0.0/0 255.255.255.255
      DROP all -- 0.0.0.0/0 192.168.0.255
      DROP all -- 224.0.0.0/8 0.0.0.0/0faces
      DROP all -- 0.0.0.0/0 224.0.0.0/8
      DROP all -- 255.255.255.255 0.0.0.0/0
      DROP all -- 0.0.0.0/0 0.0.0.0
      DROP all -- 0.0.0.0/0 0.0.0.0/0 state INVALID

and so on, showing that indeed there is a firewall.

Restarting the computer and doing again

      sudo iptables -L -n

will give

      Chain INPUT (policy ACCEPT)
      target prot opt source destination

      Chain FORWARD (policy ACCEPT)runnin
      target prot opt source destination

      Chain OUTPUT (policy ACCEPT)
      target prot opt source destination

i.e. there are no firewall rules, everything is set to ACCEPT. The firewall
rules will reappear only if Firestarter is restarted either through its GUI
interface or through the command line and will persist until
Firestarter is stopped or the computer is rebooted.

>From the manual, users would expect the firewall rules
to be persistent, if Firestarter was installed through a package. Also, it =
is
often stated in the Ubuntu forum that Firestarter is "merely" a pretty fron=
t end to
iptables, and that once the rules are created, these are persistent.

Well, not so in my case.

The above is reproducible on two different machines.  There is at least one=
 other
sufferer at:
http://www.ubuntuforums.org/showthread.php?t=3D254906&highlight=3Dfirestart=
er

This is a serious security risk if an unaware user has any service running =
facing
the internet and believes to be protected by a persistent firewall.

In summary, the firewall established by Firestarter is not persistent in my=
 case,
although I would expect it to be from the manual and the Ubunturunnin forum=
s.
After a reboot, the firewall rules are set to accept everything
until Firestarter is started through its GUI.

Any help or comments would be appreciated.

_________________________________________________________________
Be one of the first to try Windows Live Mail.
http://ideas.live.com/programpage.aspx?versionId=3D5d21c51a-b161-4314-9b0e-=
4911fb2b2e6d=