Ubuntu

Firewall Disappeared

Asked by Scott Price

I received a notice of 54 "serious" incoming ICMP intrusions, then shortly thereafter, my Firestarter just disappeared. I've tried several times to start it back up, and it asks me for my password, then nothing. I've tried uninstalling it, then reinstalling, but still nothing. I'm pretty worried. I had turned off the X-Server since I don't want anyone in my computer. I noticed that there are scripts running every time I turn my computer off that I didn't put there. The main reason I'm switching to Linux is that I heard it was safer from hackers. Is that information wrong? I'd really appreciate any help you can give. (A few days ago, the updater gave a warning about an unauthorized update, I tried to keep it from downloading, but it ended up getting past my denial.)

Thanks,
Scott Price

Question information

Language:
English Edit question
Status:
Solved
For:
Ubuntu Edit question
Assignee:
No assignee Edit question
Solved by:
Gilbert Mendoza
Solved:
Last query:
Last reply:
Revision history for this message
Best Gilbert Mendoza (gmendoza) said : 		#1

Sounds more like a combination of Firestarter application issue and a little paranoia. :-) No worries, mate. The probability of your machine being hacked is low, so lets just start with the basics.

Firestarter is simply a front end tool that configures your netfilter firewall rules using iptables. The application can be a bit buggy in my experience, so I don't use it. Also, the many benign alarms can be a bit concerning to people unsure of their meaning. More than likely, you box was pinged by any number of possible sources, which gets logged. An attacker is not hoever going to "hack" your machine using ICMP.

So lets first remove and purge firestarter from your system, and clear any firewall ACL's.

$ sudo killall firestarter
$ sudo apt-get purge firestarter
$ sudo iptables --flush
$ sudo iptables -t nat --flush
$ sudo iptables -t mangle --flush

You should be able to reinstall firestarter without any issues, and launch it from your menu like normal.
$ sudo apt-get install firestarter

One a side note, disabling your X server is not going to protect you in any way, because remote users cannot connect to it by default. In fact, unless you've installed services such as OpenSSH, Apache, or others, Ubuntu has no "open" or listening ports available for remote users to make connections to your machine. Meaning the average Ubuntu Desktop installation is very secure. You can use your firewall to further enhance security by "dropping" incoming traffic, or getting "fancy" and restrict outbound traffic... but doing so is cumbersome and not absolutely necessary for average Ubuntu Desktop users.

Hope this was insightful. Let us know if you have further questions.

Revision history for this message
Scott Price (scottpricepdx-gmail) said : 		#2

Worked like a charm -- thank you very much! I don't know what caused it to disappear, probably something to do with my "exploring" with all the new toys. 20 years + with MS software and I feel like a novice again. I appreciate the help, and I'll try to keep my curiosity down to a reasonable pace, although you'll no doubt be hearing from me again.

With much humility,

Thank you.

Scott Price