Every computer needs a good firewall for protection against various threats on the Internet. One recommendation is to use a hardware-based device to protect your computer or network, but an "out-of-the-box" device is not always sufficient—it may not be powerful enough, or it may not require the features you need. Fortunately, Linux makes a secure firewall, and with some older hardware, you can set up a dedicated firewall system.
When you're working with a Linux firewall, manipulating iptables can be daunting. Even comprehensive packages like Shorewall require a fair amount of knowledge and time to configure. Using a GUI tool with a walk-through wizard, such as Firestarter, is typically much easier than fiddling with text-based configuration files and shell scripts. However, you should note that Firestarter still identifies iptables as a pre-requisite, because it simply configures iptables rules for your firewall.
Firestarter uses an intuitive GUI interface to explain, step-by-step, each item that's configured. The initial wizard tells Firestarter whether or not you use DHCP, whether or not to allow Internet Connection Sharing (which is a must if you use the machine as a dedicated firewall for your network), and which is the internet-connected interface.
Another nice feature about Firestarter is that you can define an outbound traffic policy, which allows you to be permissive or restrictive by default. You can fine-tune the services and sites that are denied or accessible. In addition, you can easily add a new rule by clicking on the list space in the Policy tab and selecting Add Rule. Common service names are listed for easy selection.
With a slick GUI and comprehensive help, both in the program and online, Firestarter is an excellent firewall management tool. To download or find out more information about Firestarter, visit this Web site.
Delivered each Tuesday, TechRepublic's free Linux NetNote provides tips, articles, and other resources to help you hone your Linux skills. Automatically sign up today!
Vincent Danen works on the Red Hat Security Response Team and lives in Canada. He has been writing about and developing on Linux for over 10 years and is a veteran Mac user.