Firewall on Debian Lenny

There is no doubt that a Linux system is many times more secure than a Windows one. That isn’t an excuse to ignore risk, however, as there are still ways to compromise a system. The internet is still the modern equivalent of the Wild West and you need to protect yourself whatever you do.
Installing a firewall should be job number one for any machine of any kind that is going to be connected to a network. Even geeks like me, who have a hardware firewall on their router, still have a firewall on the local machines as a second line of defense against the naughty people.

This is where Debian falls down in my opinion. There is an iptables basis for a firewall built in, but it seems to need a lot of configuration to get it working. I got round this by using Firestarter, which is an external program that packages everything in a nice friendly GUI.
Firestarter is available through Synaptic Package Manager or apt-get, and installs quite quickly. There are a couple of configuration screens but the defaults are pretty much all you need unless you still use dialup or want to share your connection with other machines.

apt-get install firestarter

If installed through apt-get or Synaptic the package installs itself as a service so it will run whenever you use your machine. This is a good thing as you are automatically protected. I’m not sure I’m quite up to configuring a firewall every time I use the machine!
I love wizards, I think they are great. Tall pointy hats and big sleeves. No!
Firestarter has a configuration wizard which takes all the grunt work out of setting things up for you. The program automatically detects your network hardware and asks you to choose your Internet facing device. If you are on broadband or have a switch or router then this will probably be eth0.
Unless you have a static IP address, leave the tick by “IP Address is assigned via DHCP”. This option will be suitable for most users, as the majority of ISPs use dynamic IP addressing.

Your next choice will be whether to allow internet connection sharing, that is, whether you want other machines to connect to the internet through your Debian box.
The next page is the last one. See, I told you it was easy.
Here you get to save your options and start the program. If you save here and change your mind later, you can always reconfigure it, nothing is written in stone.

When you first start Firestarter you will see the status page. It shows you pretty much what’s going on with it. The main thing you want to check is the Status on the left. There should be a blue circle with the word ‘Active’ underneath. If you have that then you are protected.

When the firewall is active it will record any events that it sees. You can check these on the Events page. It is wise to check this page periodically once first configured to ensure it isn’t blocking something you want to let through. Other than that you can just leave it alone to do its thing!
Firewalls are another massive subject that goes way beyond the scope of this post, but you should at least have a basic understanding of one of the many firewall options open to you and have one running while you explore the subject further.
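
The periodic review of the Events page described above can also be done from a terminal. The following is an added example, not part of the original post and not Firestarter's own code: it groups logged inbound packets by protocol and destination port so an unexpectedly blocked service stands out. It assumes blocked packets are written to the kernel log in the standard netfilter LOG format; the function names, the host name and the sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): summarise inbound packets that
# netfilter logged, grouped by protocol and destination port.
# Assumption: blocked packets appear in the kernel log in the standard
# netfilter LOG format (IN=... OUT=... PROTO=... DPT=...).

# Constructed sample log lines; addresses are from documentation ranges.
sample_log() {
cat <<'EOF'
May  5 09:12:01 lenny kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TTL=52 ID=1 DF PROTO=TCP SPT=40001 DPT=22 SYN URGP=0
May  5 09:12:02 lenny kernel: IN=eth0 OUT= SRC=192.0.2.11 DST=198.51.100.5 LEN=60 TTL=50 ID=2 DF PROTO=TCP SPT=40002 DPT=22 SYN URGP=0
May  5 09:13:10 lenny kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=60 TTL=48 ID=3 DF PROTO=TCP SPT=51000 DPT=80 SYN URGP=0
May  5 09:14:30 lenny kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=78 TTL=52 ID=4 PROTO=UDP SPT=137 DPT=137 LEN=58
May  5 09:15:00 lenny kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=84 TTL=48 ID=5 PROTO=ICMP TYPE=8 CODE=0 ID=100 SEQ=1
May  5 09:16:00 lenny kernel: IN= OUT=eth0 SRC=198.51.100.5 DST=203.0.113.9 LEN=60 TTL=64 ID=6 DF PROTO=TCP SPT=50000 DPT=443 SYN URGP=0
May  5 09:17:00 lenny kernel: eth0: link up
EOF
}

# summarise_blocked IFACE: read log lines on stdin and print "count PROTO/DPT"
# for packets that arrived on IFACE and were addressed to this machine
# (OUT= is empty for such packets). Protocols without ports show "-" as port.
summarise_blocked() {
    awk -v ifc="$1" '
    {
        in_if = ""; out_if = "x"; proto = ""; dpt = "-"
        for (i = 1; i <= NF; i++) {
            n = index($i, "=")
            if (n == 0) continue            # not a KEY=VALUE token
            k = substr($i, 1, n - 1); v = substr($i, n + 1)
            if (k == "IN") in_if = v
            else if (k == "OUT") out_if = v
            else if (k == "PROTO") proto = v
            else if (k == "DPT") dpt = v
        }
        # Skip outbound packets and kernel lines that are not firewall entries.
        if (in_if == ifc && out_if == "" && proto != "") count[proto "/" dpt]++
    }
    END { for (key in count) print count[key], key }' | LC_ALL=C sort -k1,1nr -k2,2
}

# Run against the constructed sample, using the eth0 device named in the post.
sample_log | summarise_blocked eth0
```

On a real machine, feed the function the kernel log file your syslog configuration writes to instead of the sample.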

  1. debian_user
    May 5, 2009 at 9:12 am

    By installing and configuring a firewall like this one you do not increase the security of the system. By default you have the unused ports blocked, but you may open such you don’t use with Firestarter/Guarddog. If you have time and patience, the Debian securing (was it “hardening”) manual is more than enough to follow.

  2. December 6, 2009 at 7:15 am

    I must agree with “debian_user said”,
    a firewall makes not much sense on a Linux/Unix machine …

    The only use I see is if you have a developing machine (apache for 0.0.0.0) and you want to block non local access while you're in the internet cafe with your development machine (laptop^^)

    Greetings from China
    xuedi
