Firewalling Linutop with Firestarter
Even the most basic routers these days offer the NAT feature and firewall capabilities which protect your machines on the local network. But there are situations when you have to connect your Linutop directly to the Internet, or bypass the router’s firewall (for example, if you want to use Linutop as a server accessible from the outside). In this case, a decent firewall tool is essential. The problem is, though, that many firewall applications are not particularly user-friendly and you really have to know what you are doing when configuring them.
If tweaking a firewall via the command line is not your cup of tea, then you’ll appreciate Firestarter, a graphical application which significantly simplifies the process of setting up and configuring a firewall. To install Firestarter, run the command sudo apt-get install firestarter in a terminal, or use the Synaptic package manager.
When you launch Firestarter, it runs the Firewall Wizard which guides you through the process of configuring the firewall. The first step is to choose the network interface you want to protect. In the Network device setup screen, select the desired network interface from the Detected device(s) drop-down list. Tick the IP address is assigned via DHCP check box if your machine receives its IP address automatically. If you are not sure how your machine acquires an IP address, then tick the check box; if it doesn’t work, you can change this option later by running the wizard again. The next screen — Internet connection sharing setup — allows you to enable sharing of the firewall host’s Internet connection with all the computers on your local network and to assign them IP addresses via DHCP. This feature, however, requires two wired network interfaces, so you can safely skip it. Press the Next button, tick the Start firewall now check box, and press Save. This starts the firewall and opens Firestarter’s main window.
Firestarter is clever enough to figure out on its own which connections to allow and block. But what if the firewall stops legitimate traffic? For example, if you use Linutop to run a Web server, you’ll quickly discover that Firestarter blocks this service by default. This is where the Events tab can come in rather handy. When Firestarter blocks a service, it appears in the Events section. Right-click on the blocked service, and you can use the available options to decide how Firestarter should treat the selected connection. Choose, for example, the Allow inbound service for everyone option to enable anyone to access the specific service.
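Before choosing Allow inbound service for everyone, it helps to know which services on the Linutop are listening on non-loopback addresses, since those are the ones an inbound rule can expose. The script below is an added example, not part of the original article or of Firestarter; it assumes the iproute2 ss tool is available and that port 80 (a Web server) is the only port you intend to open, and it runs on a constructed sample of ss output.

```shell
#!/bin/sh
# Added example: compare listening TCP sockets with the ports you mean to open.
# Input is the output of `ss -ltn`: State Recv-Q Send-Q Local-Address Peer-Address.

# Ports you intend to allow inbound in Firestarter (assumption: a Web server).
INTENDED_PORTS="80"

# audit_listeners: reads `ss -ltn` lines on stdin and prints one line per
# listener as "<verdict> <host> <port>", where verdict is
#   local     bound to loopback only, not reachable from the network
#   intended  reachable, and on a port you plan to allow
#   REVIEW    reachable, but not on your list: decide before allowing it
audit_listeners() {
    awk -v intended="$INTENDED_PORTS" '
    BEGIN { n = split(intended, p, " "); for (i = 1; i <= n; i++) ok[p[i]] = 1 }
    $1 == "LISTEN" {                              # skips the header line too
        addr = $4
        port = addr; sub(/.*:/, "", port)         # text after the last colon
        host = substr(addr, 1, length(addr) - length(port) - 1)
        if (host ~ /^127\./ || host == "[::1]")   verdict = "local"
        else if (port in ok)                      verdict = "intended"
        else                                      verdict = "REVIEW"
        printf "%s %s %s\n", verdict, host, port
    }'
}

# Constructed sample of `ss -ltn` output, so the example runs offline.
SAMPLE='State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 127.0.0.1:631 0.0.0.0:*
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 511 [::]:80 [::]:*
LISTEN 0 5 [::1]:631 [::]:*'

# count_review: number of sample listeners that still need a decision.
count_review() {
    printf '%s\n' "$SAMPLE" | audit_listeners | grep -c '^REVIEW'
}

printf '%s\n' "$SAMPLE" | audit_listeners
# On the real machine: ss -ltn | audit_listeners
```

A REVIEW line is a service that would become reachable if its port were allowed; either leave it blocked in Firestarter or stop the service if you do not need it.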
Don’t let Firestarter’s simple interface fool you: it is a very capable firewall application that has a few clever tricks up its sleeve. And if you want to get the most out of it, be sure to read the available documentation.