A frequently asked question is: what is the state of the firewall when the Firestarter program is not running? The answer is that it depends. If you installed Firestarter from RPM or Deb packages, the firewall will be running all the time (dial-up users excluded), even after a reboot. In these cases the firewall is running as a service and can be manipulated using the standard Linux system service and runlevel management tools.
If you compiled and installed Firestarter from source, are using a Red Hat or Mandrake based Linux distribution, and also ran the postinstall script available in the Firestarter source distribution, the effect is the same as if you had installed from an RPM or Deb. The firewall will persist through a reboot and an init script is provided.
If you compiled from source and are not using a Red Hat or Mandrake distribution, the firewall is active from the moment you run Firestarter until the next reboot. See the notes below about starting the firewall manually to increase your firewall coverage.
In addition to the behaviors described above, the use of a DHCP daemon further extends the coverage. When the network device bound to the DHCP service is assigned an IP address (either when connecting for the first time or on a lease renewal), the firewall is started or refreshed. Note that this occurs even if the firewall was stopped, either from the Firestarter program or from the init scripts. Currently this service is provided when using either the DHCPD or dhclient programs (this covers pretty much any modern distribution).
Firestarter comes with a SysV-style init script for managing the firewall. The script provides the following functions:
The functions can be invoked by appending them as parameters to the script. For example, on a Red Hat / Mandrake distribution you can start the firewall by running /etc/init.d/firestarter start. Most distributions also include tools, like chkconfig, to manage the service scripts. These tools allow you to change the boot priority and many other parameters of the services.
The Firestarter program accepts a number of command line parameters for manipulating the firewall. Run firestarter --help for the complete list of options. If you installed from RPM make sure you're running /usr/sbin/firestarter and not /usr/bin/firestarter.
Add the line "/etc/firestarter/firewall.sh", which runs the firewall activation script, or the line "/usr/sbin/firestarter -s" to a suitable startup script. On SysV-based distributions this is the /etc/rc.d/rc.local file.
The firewall must be started after you have established your connection to your ISP. In the Firestarter wizard there is an option to automatically start the firewall on dial-out. This option does not work with some dialers. For example, if you are using the kppp dialer application you will have to set up the dialer to start the firewall after a connection is established (using either the init script or the lines mentioned in the "Starting the Firewall Manually at Boot Time" section). Kppp includes an option to launch scripts when a connection is established.
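As an added example (not part of the Firestarter distribution), the script below could be the line called from rc.local or the script a dialer such as kppp launches on connect. It picks the first start method described above that is installed and logs when none is found; FS_ROOT, the function names and the firestarter-hook log tag are assumptions made for this example.

```shell
#!/bin/sh
# Added example: start the Firestarter firewall from a boot script
# (rc.local) or from a dialer's "on connect" hook.
# FS_ROOT is a hypothetical prefix used only for dry runs against a
# constructed directory tree; leave it empty on a real system.
FS_ROOT="${FS_ROOT:-}"

# Print the start command for the first method that is installed:
# init script, then activation script, then "firestarter -s".
# Returns 1 when none of them is present.
firestarter_start_cmd() {
    if [ -x "$FS_ROOT/etc/init.d/firestarter" ]; then
        echo "$FS_ROOT/etc/init.d/firestarter start"
    elif [ -x "$FS_ROOT/etc/firestarter/firewall.sh" ]; then
        echo "$FS_ROOT/etc/firestarter/firewall.sh"
    elif [ -x "$FS_ROOT/usr/sbin/firestarter" ]; then
        # Absolute path on purpose: the page says to run
        # /usr/sbin/firestarter, not /usr/bin/firestarter.
        echo "$FS_ROOT/usr/sbin/firestarter -s"
    else
        return 1
    fi
}

# Run the selected command. Failures go to the system log so that a
# connection that came up without a firewall does not go unnoticed.
start_firewall() {
    cmd=$(firestarter_start_cmd) || {
        logger -t firestarter-hook "no Firestarter start method found" 2>/dev/null || true
        return 1
    }
    # Word splitting is intended here: cmd is "path [argument]".
    $cmd || {
        logger -t firestarter-hook "start failed: $cmd" 2>/dev/null || true
        return 1
    }
}

# Only act when invoked as "<script> start".
if [ "${1:-}" = "start" ]; then
    start_firewall
fi
```

Because the script exits non-zero when the firewall could not be started, a calling hook can check the status before treating the connection as protected.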