FireStarter on Centos 6
How can I easily manage iptables?
With a GUI based iptables configuration program called FireStarter.
Note: If you installed your server without a GUI then FireStarter is not for you.
Firestarter RPM Centos 6
As of the writing of this article, I could not find an RPM package in the repositories for firestarter-1.0.3-1.
Let's build one from the SRPM ( http://wiki.centos.org/HowTos/SetupRpmBuildEnvironment is a great source for reference on RPM building )
First, install rpm-build
# yum install rpm-build
Also install redhat-rpm-config, which contains build macros and extra scripts
# yum install redhat-rpm-config
Install build packages
# yum install make gcc gcc-c++
Download firestarter src.rpm
http://www.fs-security.com/download.php
Install the src.rpm ( http://wiki.centos.org/HowTos/RebuildSRPM reference for building RPM packages from src.rpm )
# rpm -i firestarter-1.0.3-1.src.rpm
Firestarter no longer shows “active connections” fix
Bugzilla report – Bug 245321
Let's update the source files to fix a bug in firestarter. The problem is that firestarter looks for the file /proc/net/ip_conntrack, but recent kernels (>=2.6.21) have renamed the file to /proc/net/nf_conntrack
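The same edit can be scripted instead of made by hand in vi. This is an added example, not part of the original article or the Firestarter project: the script name patch-conntrack.sh and both function names are hypothetical, and it assumes the RPM is built on the machine where Firestarter will run.

```shell
#!/bin/sh
# Added example (hypothetical script name: patch-conntrack.sh).
# Scripted form of the statusview.c edit, run against the unpacked source.

# Print the conntrack path the running kernel exposes.
# $1 is the directory to probe (default /proc/net); it is a parameter only so
# the check can be exercised against a scratch directory. The printed path is
# always the real /proc/net location, because that is what the define needs.
detect_conntrack_file() {
    proc_net=${1:-/proc/net}
    if [ -e "$proc_net/nf_conntrack" ]; then
        echo "/proc/net/nf_conntrack"      # kernels >= 2.6.21
    elif [ -e "$proc_net/ip_conntrack" ]; then
        echo "/proc/net/ip_conntrack"      # older kernels
    else
        return 1                           # no conntrack table exposed
    fi
}

# Rewrite the CONNTRACK_FILE define in source file $1 to path $2.
# Keeps a backup as $1.orig and succeeds only if exactly one define
# naming the new path is present afterwards.
patch_conntrack_define() {
    src=$1
    target=$2
    [ -f "$src" ] || return 2
    grep -q '^#define CONNTRACK_FILE ' "$src" || return 3
    cp -p "$src" "$src.orig"
    sed "s|^#define CONNTRACK_FILE .*|#define CONNTRACK_FILE \"$target\"|" \
        "$src.orig" > "$src"
    [ "$(grep -c "^#define CONNTRACK_FILE \"$target\"\$" "$src")" -eq 1 ]
}

# Run only when given a source file, for example:
#   sh patch-conntrack.sh firestarter-1.0.3/src/statusview.c
if [ $# -ge 1 ]; then
    path=$(detect_conntrack_file) && patch_conntrack_define "$1" "$path"
fi
```

If neither file exists, the connection tracking module is not loaded and the script leaves the source untouched.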
# cd ~/rpmbuild/SOURCES
Untar the source file
# tar -xzvf firestarter-1.0.3.tar.gz
Modify the statusview.c file
# cd firestarter-1.0.3/src
# vi statusview.c
Change the line
#define CONNTRACK_FILE "/proc/net/ip_conntrack"
TO
#define CONNTRACK_FILE "/proc/net/nf_conntrack"
Re-tar the source
# tar -czvf firestarter-1.0.3.tar.gz firestarter-1.0.3
Create the firestarter Centos 6 RPM
Go to the unpacked SRPM files and find the .spec file
# cd ~/rpmbuild/SPECS
Let's make the firestarter rpm
# rpmbuild -ba firestarter.spec
error: Failed build dependencies:
glib2-devel >= 0:2.4 is needed by firestarter-0:1.0.3-1.x86_64
gtk2-devel >= 0:2.4 is needed by firestarter-0:1.0.3-1.x86_64
gnome-vfs2-devel >= 0:2.6.0 is needed by firestarter-0:1.0.3-1.x86_64
libglade2-devel >= 0:2.3.6 is needed by firestarter-0:1.0.3-1.x86_64
libgnomeui-devel is needed by firestarter-0:1.0.3-1.x86_64
perl-XML-Parser is needed by firestarter-0:1.0.3-1.x86_64
Looks like we need to install some packages in order to create our firestarter rpm.
# yum install glib2-devel gtk2-devel gnome-vfs2-devel libglade2-devel libgnomeui-devel perl-XML-Parser
Let's try it again
# rpmbuild -ba firestarter.spec
Let's go get the rpm we just created
# cd ~/rpmbuild/RPMS/x86_64
( this is because I am on a 64-bit system; for 32-bit systems the last folder will be different )
Let's install our firestarter-1.0.3-1 rpm
# rpm -Uvh firestarter-1.0.3-1.x86_64.rpm
Preparing... ########################################### [100%]
1:firestarter ########################################### [100%]
You will find the Firestarter icon in your desktop’s programs menu, or you can run the program by executing “firestarter” from the command line.
Configure FireStarter
Firestarter has good documentation on how to use it; I recommend taking a few minutes to go through each one of these pages.
The main components of the Firestarter interface are:
- The status page
  This page in the main interface gives you a quick overview of the state of the firewall as well as allowing you to start and shut it down.
- The events page
  The second page in the main interface, the events page contains the intrusion attempt history of the firewall.
- The policy page
  The final page in the main interface, the policy page is where you review your access policy. The policy alone determines what is allowed through the firewall.
- The preferences
  The program preferences control many aspects of the interface, as well as giving you the option to enable some additional filtering functions of the firewall.





