What is a firewall?
Just as a building has a firewall, and possibly a fire door, to isolate a fire on one side of the wall and prevent it spreading to the other, a computer firewall does much the same. However, it is concerned not with fires but with unauthorised entry and use. It most commonly sits between the computer and the Internet, although in complex networks there can be others within the overall system.
Now, to clear up a common misunderstanding. Firewalls do not prevent viruses or malware. But in the case of Linux, these are almost non-existent anyway.
Many modern Linux distros come with a firewall already installed and configured; however, some don't, and Debian is one of those.
This page is designed to show you how to install a firewall in Debian and get it up and running. It does not assume this is the best firewall or the most efficient; it simply offers one of the many methods for achieving that goal.
Why would I use one?
Many people cannot understand why they would want a firewall at all. The typical argument will be "I only use it for a bit of surfing and to write a letter or email. There's nothing on the computer that's of use to anyone."
Well, it's not about whether cyber-thieves can gain anything directly from you. What is far more important to them is gaining control of your computer. This enables it to be integrated into a botnet. This simply means any number of computers linked together to form a network that can be used for devious purposes: sending spam mail, for example, or hosting dubious material. By trying to stop any unauthorised access, you are protecting your computer from being used in this manner.
Linux has, for a long time, been able to offer commercial grade firewalls. These have been based on either IP Tables or IP Chains. IP Chains is now recognised as the older (some say outdated) method and almost all new firewalls now use IP Tables. This firewall uses IP Tables.
As a general rule, make sure IP Chains is not installed. Normally it won't be, unless you've loaded it yourself in the past. The package we use will load all the required files for this configuration.
Unlike many commercial grade firewalls, the package is Graphical User Interface (GUI) based, which makes it easier for people new to Linux. So take heart!
First, we need to obtain the required package.
The easiest way to do this is to open up the Synaptic Package Manager (SPM) (Desktop --> Administration --> Synaptic Package Manager). As usual, you will be asked for your root password.
Once in SPM, scroll down until you see firestarter. Highlight this and Mark for Installation. Click Apply at the top of the page, and Synaptic will work its magic!
Once you have completed the above, you may be faced with a mystery! How do I start the thing? Here's the answer.
Open up a Root Terminal and type the following command:
or, you may log out and log back in again, to find a Firestarter icon under Applications --> System Tools --> Firestarter.
If you use the command line method, don't worry if you see a whole load of error messages in the terminal. It is because you haven't yet run the Firestarter Wizard.
This will appear after you run the command above, or use the icon; like so:
This page is where you will define your Internet connection, whether it is a dial-up or network card for example.
Now you can tell Firestarter if you want to use your computer as a gateway for others. ICS = Internet Connection Sharing.
Next you will see that you have completed the initial set-up; if you choose Save, the set-up will complete.
Now you will find yourself here.
This is the main GUI, where you can stop and start the firewall, make various configuration changes and so on.
Congratulations! You now have a commercial strength firewall that will keep you protected from unauthorised intrusions.
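To confirm that rules are actually loaded once the wizard has finished, you can inspect the INPUT chain from a Root Terminal. The script below is an added example, not part of the original page or of Firestarter: the function name, the sample rule sets and the chain name EXAMPLE_IN are constructed for illustration, and the input is assumed to be in the format printed by `iptables -S`.

```shell
#!/bin/sh
# Added example: classify the INPUT chain from `iptables -S` text on stdin.
# Prints one of: open, filtering, unknown.
firewall_state() {
    awk '
        $1 == "-P" && $2 == "INPUT" { policy = $3 }   # default policy line
        $1 == "-A" && $2 == "INPUT" { rules++ }       # rule appended to INPUT
        END {
            if (policy == "")                          print "unknown"
            else if (policy == "ACCEPT" && rules == 0) print "open"
            else                                       print "filtering"
        }'
}

# Constructed sample: a machine with no firewall rules loaded.
sample_open() {
    cat <<'EOF'
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
EOF
}

# Constructed sample: default-deny INPUT plus a user chain (name is made up).
sample_filtering() {
    cat <<'EOF'
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-N EXAMPLE_IN
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j EXAMPLE_IN
EOF
}

echo "no rules loaded:  $(sample_open | firewall_state)"
echo "default-deny set: $(sample_filtering | firewall_state)"
# On a live system, as root:  iptables -S | firewall_state
```

A result of "open" means the INPUT chain accepts everything and has no rules, so the firewall is not running; "filtering" only shows that rules are present, not that they are the ones you intended.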
If you want to learn more about making adjustments to the firewall, visit www.fs-security.com and go to the Documentation tab. Apart from there being an online manual, if you scroll right to the bottom of the page, you will find a handy PDF manual that you can download and keep on your local machine. The Screenshots page is also handy to see how basic additional rules are implemented.