Ubuntu – What GUI firewall manager should I use to replace Firestarter

firewallsoftware-recommendation

Apparently Firestarter is no longer maintained, and it does not have any options in its interface for handling the connection to a VPN. Right now, my VPN does not work if my Firewall is activated.

I would like to find an alternative GUI firewall manager that will let me make configurations to accomodate my VPN service. Which should I use, and what considerations should I take into account when migrating from Firestarter?

I did a Google search, and tried to restrict results within the last year, but it seems people are still recommending Firestarter, despite it not being maintained.

With almost near certainty, someone will probably suggest that I just manage my "iptables" from the command line. Please understand that I am not interested in a command line interface for managing my firewall. Thanks.

Best Answer

First of all, the main reason behind Firestarter not being maintained any more is that Ubuntu comes in with the firewall called ufw by default. You can install a graphical interface to ufw by selecting it from the Ubuntu Software Center (package gufw) or by typing

sudo apt-get install gufw

Please note that any and every "firewall" in Ubuntu will be some kind of interface to the iptables. Some of these interfaces are graphical (like Firestarter), some not (like ufw), some are not graphical, but come with their own graphical interface. You will find more information on this page.

Also, please consider the following. Firewall can be of real use if you do understand iptables and the way TCP/IP works. If you do, then configuring the firewall using either naked iptables or some kind of text interface based on config files (like ufw) usually presents no problem.

Installation

Until now (2017/05/22) there isn't Ubuntu packages available. You must build it from source.

These installation instructions are based on information from the Douane Wiki and tested on Ubuntu 16.04.2 64-bit.

Open a terminal (Ctrl+Alt+T) to run the commands.

Preparation

Update your system:

sudo apt update
sudo apt full-upgrade

If you get a notification asking to restart your computer, then restart it.

Install the dependencies

sudo apt install git build-essential dkms libboost-filesystem-dev libboost-regex-dev libboost-signals-dev policykit-1 libdbus-c++-dev libdbus-1-dev liblog4cxx10-dev libssl-dev libgtkmm-3.0-dev python3 python3-gi python3-dbus

Create a directory for compilation

cd
mkdir Douane
cd Douane

Build the kernel module

git clone https://github.com/Douane/douane-dkms
cd douane-dkms
sudo make dkms

Check if the module was built and installed correctly:

lsmod | grep douane

You should see something like:

douane                 20480  0

Build the daemon

cd ~/Douane
git clone --recursive https://github.com/Douane/douane-daemon
cd douane-daemon
make
sudo make install

Build the dialog process

cd ~/Douane
git clone --recursive https://github.com/Douane/douane-dialog
cd douane-dialog
make
sudo make install

Start the dialog process:

/opt/douane/bin/douane-dialog &

Then check if it is running:

pgrep -a douane-dialog

You should see something like:

21621 /opt/douane/bin/douane-dialog

Build the configurator

cd ~/Douane
git clone https://github.com/Douane/douane-configurator
cd douane-configurator
sudo python3 setup.py install

Start the daemon and setup automatic starting

I had to insert the following text in the file /etc/init.d/douane in order to enable the automatic starting of the daemon:

### BEGIN INIT INFO
# Provides:          douane
# Required-Start:
# Required-Stop:
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Douane firewall
### END INIT INFO

Open the file for edit:

sudo nano /etc/init.d/douane

Then paste the above text after the program description. Press Ctrl+O,Enter to save, then Ctrl+X to exit the editor.

This is the first 21 lines of the file after I inserted the text:

#!/bin/bash
#
# douane      This shell script takes care of starting and stopping
#             douane daemon (A modern firewall at application layer)
#
# Author: Guillaume Hain zedtux@zedroot.org
#
# description: douane is the daemon process of the Douane firewall application. \
# This firewall is limiting access to the internet on application bases.

### BEGIN INIT INFO
# Provides:          douane
# Required-Start:
# Required-Stop:
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Douane firewall
### END INIT INFO

# Source function library.
. /lib/lsb/init-functions

Now you can set up the auto start and start the daemon:

sudo systemctl daemon-reload
sudo systemctl enable douane
sudo systemctl start douane

Activate the filter and auto start the dialog

Start the configurator:

douane-configurator

Then make sure the switches Use Douane to filter my network traffic and Auto start Douane on boot are both turned on.

You can review the filtering rules in the Rules tab. Right clicking a rule you get an option to delete it.

Test

If everything is fine you should see the Douane window asking for permission when you open applications that uses network connections.

Ubuntu – Is iptables -F kicking me out of the ssh session

Yes, The iptables -F chain will flush all of the iptables rules for that chain, and therefore only the default policy rule will be used.

It seems likely that the default policy for your references was ACCEPT, while the default policy on your computer is DROP.

Check via sudo iptables -xvnL. If you want to delete all of your rules in a chain, but maintain your ssh session, change the default policy to ACCEPT first. You can change it back to DROP after you have the rules you want in place, and you confirm your ssh packets are no longer relying on the default policy to get through.

sudo iptables -P INPUT ACCEPT

You might need it on the OUTPUT chain also.