FireStarter - Super Easy Powerful Firewall for Linux
By Angsuman Chakraborty, Gaea News NetworkMonday, April 16, 2007
FireStarter is for Linux what ZoneAlarm is for Windows, a simple to use but fully functional firewall for small business and homes for free. The simplicity of firewall even surpasses ZoneAlarm, even a novice can set it up properly with very minimum knowledge.
To understand Firestarter or any other Firewall let’s take a look a very common scenario for small business. We need to provide internet access to all computers in the network and yet we want them all to be protected from outside access. The best access is transparent where the user behind firewall doesn’t feel the presence of firewall when he accesses the internet. However external access must be blocked except where specifically allowed. FireStarter shines in such setup. You can setup this configuration in less than 5 minutes. And the best part of all is that the client machines need nothing more than a simple configuration during setup wherein you specify that the IP address etc. information will be provided by DHCP, most likely it is already the default for your linux distribution.
The network can be configured both for DHCP or static IP address assignment. In case of DHCP, as mentioned before, that’s all you need to specify in client machines. In internet machine you need to just check a checkbox in FireStarter configuration. For static IP assignment you need to provide both the IP address (which is what you want) as well as the gateway (internet machine) and your dns server.
I recommend using the rpm distribution. I used yum to install the firewall in fedora core 6. It installed perfectly and created a menu item in Gnome panel.
FireStarter recognizes between external and internal network. By default connections from internal network are permissive and connections from the external network are blocked. You can setup rules to override them. The rules are activated by default immediately.
You can bring up the user interface to find the connections it is blocking realtime or for configuring the firewall. Personally I recommend using the UI sparingly and not keeping it up always as it consumes too much cpu in my experience. However the actual firewall functions fine and with negligible cpu load. The only thing I couldn’t do is to selectively allow ICMP ping from within intranet to the firewall machine but disallow pings from outside.
FireStarter starts as a daemon which provides not only firewall protection but gateway access too. You can optionally block ICMP traffic too.
FireStarter worked without any glitch. It is a very polished product by all counts. It passed grc.com ShieldsUp! tests perfectly. If you are , like me, migrating from Windows you will find FireStarter firewall a better and simpler alternative to ZoneAlarm. I highly recommend it for home as well as business use.
Tags: Simplicity, The client, What