Start Firestarter without a password

This how-to lets you start Firestarter automatically without entering a password for it, and without editing /etc/sudoers, which would give anyone access to change it.

Actually, this how-to was originally developed by kukibird1 in this thread; I put it here so it is more visible.

0. Understand what Firestarter is
Firestarter is not the firewall, just a nice tool to configure iptables, the actual firewall.

Iptables resets itself after reboot, so Firestarter is meant to start at boot and recreate iptables' rules. This is done before GNOME/KDE/Xfce even starts, so you won't see anything...

You don't need to open Firestarter to be protected... So, any solution that makes Firestarter open (not only start) will prompt you for the "sudo" password and, because that's nasty, you're told to edit /etc/sudoers... Not good.

1. Is Firestarter really your problem?
How do you know if Firestarter is your problem? Please, do this test:
1. Reboot your machine.

2. After logging in as usual, go to a Terminal (Applications --> Accessories --> Terminal) and type:

Code:

sudo iptables -nL

3. If you get the following, Firestarter must be fixed:
Code:

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

If you don't get that and you know your firewall is not working, then either Firestarter is not the issue or it's not the "usual" Firestarter issue.

2. Fix it!
(To do this successfully, don't open Firestarter)
1. Enter Terminal (see above)

2. Type:
Code:

gksudo gedit /etc/firestarter/firestarter.sh

3. Locate the following "paragraph":
Code:

if [ "$MASK" = "" -a "$1" != "stop" ]; then
echo "External network device $IF is not ready. Aborting.."
exit 2
fi

It's near the beginning; be careful, check twice before going to step 4!

4. Make that paragraph look exactly like this (put a # before each line):
Code:

#if [ "$MASK" = "" -a "$1" != "stop" ]; then
#echo "External network device $IF is not ready. Aborting.."
#exit 2
#fi

5. Reboot. (If you know how to do it and want to skip the rest of the steps, deactivate the boot splash and monitor the boot process; it should say "Firestarter firewall starting up...[OK]". If so, you don't need to follow the rest.)

6. Enter a Terminal and type "sudo iptables -nL" again. It should be different to what you saw at the beginning.

7. Open Firestarter, go again to Terminal and type "sudo iptables -nL" again. It should be the same as in step 6.

8. Review Firestarter configuration to see if it's correct (there's no particular reason to do this, just to be sure you're protected).

Now, you (and all users) are protected from boot, without messing around with sudo's configuration! You'll have to enter the password to access Firestarter, but as you usually do with other administrative apps.
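
The test from section 1 (step 3) and the comparison in steps 6 and 7 of the fix, as a script. This is an added example, not part of the original how-to; the function names and the second sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original how-to.
# ruleset_state: read `iptables -nL` text on stdin and print one of
#   empty   - built-in chains only, every policy ACCEPT, no rules (section 1, step 3)
#   loaded  - a rule, a non-ACCEPT policy or a user-defined chain is present
#   unknown - no "Chain" line seen (for example, the command failed)
ruleset_state() {
    awk '
        /^Chain / {
            chains++
            # Built-in chains read "(policy X)"; user chains read "(N references)".
            if ($3 != "(policy" || $4 != "ACCEPT)") nondefault++
            next
        }
        /^target[ \t]/ || /^[ \t]*$/ { next }   # column header, blank lines
        { rules++ }                              # everything else is a rule
        END {
            if (chains == 0) print "unknown"
            else if (rules == 0 && nondefault == 0) print "empty"
            else print "loaded"
        }'
}

# ruleset_digest: checksum of a listing with whitespace squeezed, so the
# snapshots taken in steps 6 and 7 can be compared without reading them by eye.
ruleset_digest() {
    tr -s ' \t' ' ' | cksum | cut -d' ' -f1
}

# The listing the how-to shows for a machine whose rules were not loaded.
EMPTY_SAMPLE='Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination'

# Constructed sample of a loaded ruleset (not real Firestarter output).
LOADED_SAMPLE='Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination'

printf 'empty sample:  %s\n' "$(printf '%s\n' "$EMPTY_SAMPLE" | ruleset_state)"
printf 'loaded sample: %s\n' "$(printf '%s\n' "$LOADED_SAMPLE" | ruleset_state)"
# Live use: sudo iptables -nL | ruleset_state
```

Run right after login, an `empty` result means the boot-time script did not install any rules; for steps 6 and 7, pipe each listing through `ruleset_digest` and compare the two numbers.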

Rationale
It seems (to me) that Firestarter thinks the network is not configured, so, without network, no firewall is needed and it shuts down with an error. Putting those # is equivalent to deleting the code that analyzes that error, so this fix forces Firestarter to start, ignoring that "error" (?).
