How To Configure A Firewall In Linux Using Firestarter

Long back, when I was running a Windows only PC, a firewall utility was always among the first software that I used to install on a newly formatted machine. Along with an Antivirus, a firewall used to be considered a must for any Windows installation that was in any way connected to the outside world.

Of course, times have changed now. I use Linux almost exclusively and rarely see the Windows login prompt. Most Linux distributions are far more secure than Windows, out of the box, but the threat is still there and having a good firewall protecting your computer is still a good idea.

Almost all Linux distributions comes bundled with a firewall software known as iptables, which is a command line based software for configuring Firewall rules for all network traffic to and from the Linux kernel.

Being a command line tool, the syntax tends to be a bit cryptic and even, intimidating for the first time user. This is where Firestarter comes into the picture.

Firestarter is a graphical interface for the iptables firewall. To install Firestarter on Debian, which is the Linux distribution that I use, give the following command.

And then launch firestarter using the Applications -> Internet menu entry.

Instead of an intimidating interface, Firestarter uses a simple wizard to take new users through the steps necessary for configuring the firewall.

Firestarter wizard

The first step is to identify which network interface will the firewall listen to. This is usually the primary network interface of the machine which is connected to the Internet.

Firestarter Wizard

Next comes the part where the user is asked to chose wether the particular machine is used for sharing the Internet connection. Select the secondary network interface of the machine which is connected to the rest of the internel network, if this machine is also being used for sharing the internet connection.

Firestarter wizard

That’s it. The firewall is ready to be deployed.

Firestarter wizard

Click on the Save button and you will see the Firewall status window. This is where you can see current statistics about your newly created firewall and also tweak the rules even more if you so desire.


By default, this firewall is fairly restrictive but if, for example, you want to create a rule that only your friend should be able to remotely access this machine, then you can add a policy to whitelist your friend’s IP address.

Firestarter edit policy

Firestarter is, in my opinion, a very simple and easy to use utility to configure and manage the iptables firewall, both for the novice and the experienced user.

Do you use any other firewall software on Linux ? Let us know in the comments?


  1. do you know a simple way to install a good parental control system in ubuntu or debian?
    Sometime friends ask me a way to give their children a secure system to surf the web. At the moment my answer is: Mandriva.
    With Mandriva parental control is just a few click away and I think this is a missing feature for a distro like Ubuntu aimed to be used by such a large user base.

  2. hi,

    great tutorial,

    i installed firestarter but it block all the traffic.
    my question is how i can reinitialize the iptables.


  3. @frnz: I’ll have to look up a good parental control system and get back to you. I don’t use one currently.

    @javaMan: You can just launch firestarter again and click on stop to stop the firewall. When you’ve reconfigured your rules to your liking you can click play to make the firewall active again.

  4. I found three application-BAsed firewalls so far: FireFlier (, TuxGuardian (, (
    Do you know more? Pls, share, but remember: only application-based ones (firestarter, ufw & Co are not related).

  5. @SSS26: I’m not sure what kind of firewalls are you looking at. fireflier is not even being developed anymore but does shorewall work for you ?

  6. @Sharninder
    I’m looking for a firewall that provides outbound protection not for ports, but for apps, i.e. when app tries to connect to i-net firewall catches it and asks what to do with this specific app. These firewalls are called application-based if i’m right.
    Every GUI front-ends for iptables i saw so far doesn’t provide such functionality: they just block outbound traffic on specific port, not taking into account which app initiated this connection attempt.

    I didn’t try shorewall, nor original iptables. I want to find GUI firewall which would catch applications’ connection attempts in realtime and prompt for user’s action. Like the one of those three firewalls i mentioned previously.

    (anyway, maybe i need to have a closer look at shorewall and iptables…)

  7. Hey SS26,

    Did you find any other application based firewalls?
    Very odd eh?

    There are a ba-zillion firewalls, but only 1 currently blocking applications access to the net?

    I cant’ understand this phenomenon.


  8. there’s some really affordable solutions now like ideco ipcop etc I mean compared to setting up a firewall yourself i’d rather go for ideco it’s a great bargain i been recently testing it and i can say oh boy performance and reliability are very good

  9. I couldn’t find a way to set up Firestarter to enable 2 network interfaces for internet connection. I have a notebook, and I use it with docking station. When on the docking station, it uses primarily the eth0, when on the move, it uses wlan0.
    I have to manually change the “internet connected network device” to and fro for browsing.
    Is there any way to configure Firestarter for multiple interfaces?

Comments are closed.