Tell me about the Knoppix firewall

[utu]

Hi, Werner

I just figured out that KK's new firewall is in the repos & I can bring it in with Synaptic.
I'm just a little slow.

Have you determined just what the situation must have been PRIOR to this fix?
Was there any firewall protection, or not?

[Werner P. Schulz]

Was there any firewall protection?

No! By default you don't need it.

[utu]

Is anyone having a problem with firewall-knoppix 0.5-6?

[utu]

.
Upgrading to firewall-knoppix 0.5-6 from 0.5-5.2 presents an unwelcome suprise in correcting
a minor flaw in 0.5-5.2, while preserving some of 0.5-5.2's benign 'imperfections'.
One might look-out for four things in this problematic 'upgrade':

(1) If one upgrades 6.7.1 from 0.5-5.2 to 0.5-6, one finds that there is no longer a menu item
for the firewall gui under Preferences. As a result, there are NO firewall choices to select.
A .desktop file appears on the Synaptic files list, but not in /usr/share/applications.
This can be demonstrated with a standard Knoppix 6.7.1 LiveCD.

(2) If one provides this missing file, the gui seems to be working, except that the gui
doesn't 'go away' after saving a configuration successfully, but instead requires an
additional 'cancel' click on the main menu to terminate the process. This latter effect and (3) to
follow, are probably hold-over standard effects of 0.5-5.2. These two effects are probably just
benign design choices I'd prefer were made otherwise and not 'imperfections', per se.

(3) The KNOPPIX Firewall Tool screen does not always initially represent choices CURRENTLY
in effect as the starting point against which to define NEW choices to save.
It seems rather to present one particular safe, incoming-only-allowed set of choices as
the starting point against which a new group of selections MAY be defined & saved.
An example of this is eth+: selecting & saving eth+ does actually persist beyond a reboot, but
after reboot the 'radio button' for eth+ will not initially be displayed as 'depressed',
as might be expected.

(4) An upgrade to 0.5-6 erases any reference to 0.5-5.2 in Synaptic. This makes it more
difficult to discover & correct problems with the upgrade.
_____________________________

If you've noticed thing (1) above, and are looking for a work-around, I suggest the following:

(1) Provide a missing firewall-knoppix.desktop file to /usr/share/applications/, such as:

Code:

[Desktop Entry]
Comment=KNOPPIX Firewall
Exec=/etc/init.d/firewall
Icon=knoppix-penguin
Name=KNOPPIX Firewall
Type=Application
Categories=Settings
NoDisplay=false

(2, 3 & 4) Ignore these alleged 'imperfections' for the time being, but monitor
/etc/sysconfig/firewall to make sure your saved settings are what you want.
___________________________________

If 0.5-5.2 has not been 'upgraded' to 0.5-6, then it needs, as a minimum, the correction to
line 288 of the file /etc/init.d/firewall suggested by Werner Schulz: that is, changing
the reference "KNOPPIX-DATA.img" to "KNOPPIX-DATA". 'Imperfections' (2) and (3) may be ignored,
but /etc/sysconfig/firewall saved settings should be monitored, of course.