Tell me about the Knoppix firewall



utu
10-03-2011, 03:46 AM
With each Knoppix new version I ask the same question
about Menu>Preferences>Knoppix firewall.

Since this GUI doesn't save any information, is there a default that
is satisfactory or might there be a problem?

I've never received AND understood any answer I've gotten.
Can someone take another try at enlightening me?

kl522
10-03-2011, 05:38 AM
I believe you are hitting a bug. Basically the script works for a previous previous old version of Knoppix but it has not been updated since. You can look at /etc/init.d/firewall if you are interested to find out how it works and perhaps you can also try to fix the saving error.

Werner P. Schulz
10-03-2011, 11:11 AM
Edit '/usr/sbin/firewall' at position 'saveconfig()'
and change 'mount | grep -q "KNOPPIX.IMG"' to 'mount | grep -q "KNOPPIX-DATA"'

Greetings Werner * http://www.wp-schulz.de/knoppix/summary.html
Own Rescue-CD with Knoppix (Knoppix V6.7.1 remaster)

utu
10-03-2011, 03:06 PM
@ kl522 & Werner

I'll try this.
The last time I asked, Forester told me to fix it myself.
Now I may be able to do so.
Thanks again.

utu
10-03-2011, 03:43 PM
So, I changed /usr/sbin/firewall line 288 from 'KNOPPIX-DATA.img' to 'KNOPPIX-DATA'.
The GUI now accepts my choices.

Now in /etc/init.d/firewall line 272, I note the default has always been 'easy',
and in line 136 I see 'easy' means 'only-outgoing'. That's a relief.

And, I'm adding /usr/sbin/firewall to my backup list, just in case I ever change
from 'easy' to 'something else'.

Werner P. Schulz
10-03-2011, 03:55 PM
'/etc/init.d/firewall' is only a symlink to '/usr/sbin/firewall'.
The settings are written to '/etc/sysconfig/firewall'.

utu
10-03-2011, 04:14 PM
@ Werner

That's serendipitous. I've already got that covered with etc.
I didn't think to check that /usr/sbin/firewall might have been a symlink. Thanks again.

I see on debian-knoppix mail list that KK has gotten the word on this.

When will a change actually show up in isos for download?
Will that not be until a version change?
Or are there ongoing changes with later-dated 6.7.1 isos?

Werner P. Schulz
10-03-2011, 04:27 PM
KK fixed it today
http://debian-knoppix.alioth.debian.org/packages/firewall-knoppix/

utu
10-03-2011, 06:34 PM
@ Werner & kl522

I note that for both the LiveCD and the LiveUSB
there is no /etc/sysconfig/firewall file if the Knoppix Firewall GUI
has not successfully registered any choices.

After 'correcting' /usr/sbin/firewall I note that there is now
an /etc/sysconfig/firewall file with my choices registered thus:
ACTIVE='yes'
CURRENTMODE='easy'
Which is completely satisfactory.

It is no longer obvious to me what the PRIOR state of the firewall was
before our intervention. The default for CURRENTMODE seems ok, but
I don't know how to determine whether the firewall was ever indeed
ACTIVE in the prior situation.

As an amendment to my post #7, I think it necessary to keep usr/bin/firewall in
my backup repertoire until such time as I am using one of KK's isos
that incorporate the correction.

Werner P. Schulz
10-03-2011, 07:18 PM
No, it's sufficient to save '/etc/sysconfig/firewall' in your private update.tar.gz
And why not download the new firewall package and install with "dpkg -i"?

utu
10-03-2011, 07:36 PM
Hi, Werner

I just figured out that KK's new firewall is in the repos & I can bring it in with Synaptic.
I'm just a little slow.

Have you determined just what the situation must have been PRIOR to this fix?
Was there any firewall protection, or not?

Werner P. Schulz
10-03-2011, 09:09 PM
Was there any firewall protection? No! By default you don't need it.

utu
01-03-2012, 07:26 PM
Is anyone having a problem with firewall-knoppix 0.5-6?

utu
01-06-2012, 01:28 AM
Upgrading to firewall-knoppix 0.5-6 from 0.5-5.2 presents an unwelcome surprise in correcting
a minor flaw in 0.5-5.2, while preserving some of 0.5-5.2's benign 'imperfections'.
One might look out for four things in this problematic 'upgrade':

(1) If one upgrades 6.7.1 from 0.5-5.2 to 0.5-6, one finds that there is no longer a menu item
for the firewall gui under Preferences. As a result, there are NO firewall choices to select.
A .desktop file appears on the Synaptic files list, but not in /usr/share/applications.
This can be demonstrated with a standard Knoppix 6.7.1 LiveCD.

(2) If one provides this missing file, the gui seems to be working, except that the gui
doesn't 'go away' after saving a configuration successfully, but instead requires an
additional 'cancel' click on the main menu to terminate the process. This latter effect and (3) to
follow, are probably hold-over standard effects of 0.5-5.2. These two effects are probably just
benign design choices I'd prefer were made otherwise and not 'imperfections', per se.

(3) The KNOPPIX Firewall Tool screen does not always initially represent choices CURRENTLY
in effect as the starting point against which to define NEW choices to save.
It seems rather to present one particular safe, incoming-only-allowed set of choices as
the starting point against which a new group of selections MAY be defined & saved.
An example of this is eth+: selecting & saving eth+ does actually persist beyond a reboot, but
after reboot the 'radio button' for eth+ will not initially be displayed as 'depressed',
as might be expected.

(4) An upgrade to 0.5-6 erases any reference to 0.5-5.2 in Synaptic. This makes it more
difficult to discover & correct problems with the upgrade.
_____________________________

If you've noticed thing (1) above, and are looking for a work-around, I suggest the following:

(1) Provide a missing firewall-knoppix.desktop file to /usr/share/applications/, such as:


[Desktop Entry]
Comment=KNOPPIX Firewall
Exec=/etc/init.d/firewall
Icon=knoppix-penguin
Name=KNOPPIX Firewall
Type=Application
Categories=Settings
NoDisplay=false

(2, 3 & 4) Ignore these alleged 'imperfections' for the time being, but monitor
/etc/sysconfig/firewall to make sure your saved settings are what you want.
___________________________________

If 0.5-5.2 has not been 'upgraded' to 0.5-6, then it needs, as a minimum, the correction to
line 288 of the file /etc/init.d/firewall suggested by Werner Schulz: that is, changing
the reference "KNOPPIX-DATA.img" to "KNOPPIX-DATA". 'Imperfections' (2) and (3) may be ignored,
but /etc/sysconfig/firewall saved settings should be monitored, of course.
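
Added example (not part of the original thread and not code from the firewall-knoppix package): a small shell check for the monitoring of /etc/sysconfig/firewall suggested above, assuming the file holds ACTIVE and CURRENTMODE lines in the form quoted in the thread. The function names are hypothetical, and the file is parsed rather than sourced so that nothing in it gets executed.

```shell
#!/bin/sh
# Added example: audit the saved Knoppix firewall settings.
# Function names are hypothetical; the KEY='value' format is the one quoted in the thread.

# get_setting FILE KEY -> value of the last KEY=... line, surrounding quotes stripped
get_setting() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
        sed "s/^['\"]//; s/['\"][[:space:]]*\$//"
}

# firewall_state FILE -> prints one of:
#   unconfigured     no readable settings file (the GUI never saved anything)
#   inactive         file exists but ACTIVE is not 'yes'
#   active:<mode>    ACTIVE='yes' together with the saved CURRENTMODE
firewall_state() {
    file=$1
    if [ ! -r "$file" ]; then
        echo unconfigured
        return 0
    fi
    active=$(get_setting "$file" ACTIVE)
    mode=$(get_setting "$file" CURRENTMODE)
    if [ "$active" != yes ]; then
        echo inactive
    else
        echo "active:${mode:-unknown}"
    fi
}

# check_firewall FILE EXPECTED_MODE -> status 0 only if active in the expected mode
check_firewall() {
    state=$(firewall_state "$1")
    [ "$state" = "active:$2" ] && return 0
    echo "firewall check failed: $1 is '$state', wanted 'active:$2'" >&2
    return 1
}

# Constructed sample matching the two lines quoted in the thread.
sample=$(mktemp)
printf "%s\n" "ACTIVE='yes'" "CURRENTMODE='easy'" > "$sample"
firewall_state "$sample"               # active:easy
firewall_state /nonexistent/firewall   # unconfigured
rm -f "$sample"
```

On a running system the call would be check_firewall /etc/sysconfig/firewall easy, for example from a login script; it only reports what was saved, not which iptables rules are currently loaded.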