linux.dsplabs.com.au

Ok, so we roam about a lot these days, switching between different networks and different network infrastructures all the time. If you are like me and you use Linux with the Firestarter firewall, you probably wish there was a way to get Firestarter to seamlessly reconfigure between wired networks (say on eth0 interface) and wireless networks (say on wlan0 interface). If that is the case, then do read on, as this post presents a simple approach to achieve just that.

Firestarter is a Linux firewall that includes a nifty front-end graphical user interface (GUI) for back-end configuration of iptables and for event notification. Thus, whatever distro you use, whether it be Ubuntu, Redhat, SuSe or other, Firestarter is your friend if you like the ease of configuration and information display via a GUI. While I am a fan of the Firestarter firewall, there are many features that could be added to further extend its functionality. Unfortunately, the Firestarter project has not been under active development for some years now. Worry not, however, the power and beauty of Linux comes from the fact that it is engineered to be extended.

Lets take a look at a screenshot of the Firestarter GUI (shown below):

To manually reconfigure the "Internet connected network device" (i.e., your external interface) between wired and wireless devices, one can simply click on "Edit > Preferences > Network Settings" and select one of the devices from the "Detected device(s)" list, as shown below:

Simple, huh? Well if you have to do it very frequently, it will drive you mad. So how does one automate this task? Well, a good place to start is to determine exactly where the external interface setting resides within Firestarter's configuration file. From your favourite shell run the following command:

sudo head /etc/firestarter/configuration

and here is the resulting output:

#-----------( Firestarter Configuration File )-----------#

# --(External Interface)--
# Name of external network interface
IF="wlan0"
# Network interface is a PPP link
EXT_PPP="off"

# –(Internal Interface–)
# Name of internal network interface

Yours may vary a little, but the important line is the one with the interface highlighted in blue. Note that in this example I am configured on the first wireless device (wlan0), but you may be on a different interface. Anyhow, lets say that in this example I now move to a new location, where instead of using wireless I plugin an ethernet cable to use wired infrastructure through interface device eth0. To reconfigure Firestarter one would first backup the original config file as follows:

sudo cp /etc/firestarter/configuration /etc/firestarter/configuration.backup

and then change wlan0 interface to eth0 interface using sed for example:

sudo sed -i 's:^IF="wlan0":IF="eth0":' /etc/firestarter/configuration

followed by Firestarter restart:

sudo /etc/init.d/firestarter restart

and if all went well, the Firestarter firewall should have successfully restarted, with output similar to the following:

 * Stopping the Firestarter firewall...                              [ OK ]
 * Starting the Firestarter firewall...                              [ OK ]

Note that prior to restarting of the firewall we could have also checked that the sed command worked correctly, using:

sudo grep '^IF=' /etc/firestarter/configuration

with the expected output being:

IF="eth0"

Ok, so now we can change the interface from shell, but this still is a manual change. Next let us make this change automatic. We could achieve this by periodically checking which interface is configured with an IP address (for example as suggested by Joel Bastos), and possibly using a CRON job. However, there is an easier and better way, as mentioned by Ryan Thompson. Essentially, whenever a new network connection is established (or one gets terminated), scripts placed in a predefined directories will be invoked for specific events (this is a common approach on Linux platforms). For our purposes, we are interested in updating the Firestarter config file each time a new network connection is being established (or just prior to), as long as this happens before the Firestarter firewall is restarted. To do this, let us start by taking a look in the following directory:

sudo ls -lah /etc/network/if-up.d

On my system, the above command produces the following output:

drwxr-xr-x 2 root root 4.0K 2011-02-26 03:32 .
drwxr-xr-x 6 root root 4.0K 2011-02-19 05:29 ..
-rwxr-xr-x 1 root root  256 2011-02-26 03:32 50firestarter
-rwxr-xr-x 1 root root  892 2010-09-13 10:57 avahi-autoipd
-rwxr-xr-x 1 root root  431 2010-09-13 10:57 avahi-daemon
-rwxr-xr-x 1 root root  319 2010-04-23 16:03 mythtv-backend.if-up.d
-rwxr-xr-x 1 root root 1.2K 2010-02-02 18:19 ntpdate
-rwxr-xr-x 1 root root  173 2010-07-12 09:35 openvpn
-rwxr-xr-x 1 root root  225 2010-07-22 07:52 upstart

We are looking for Firestarter's script, highlighted above in red. Notice that it has some numbers prepended. These are used to control the order in which the scripts in the above directory are executed. Lets have a look what's in the highlighted file as follows:

sudo cat /etc/network/if-up.d/50firestarter

which gives:

#!/bin/sh
invoke-rc.d firestarter restart

which essentially restarts Firestarter whenever a new network connection is established… Are you thinking what I am thinking? Lets have a look at what I came up with:

sudo cat /etc/network/if-up.d/50firestarter

which gives:

#!/bin/sh
set -e
 
if [ "$IFACE" = "eth0" ]; then
    sed -i 's:^IF=".*":IF="eth0":' /etc/firestarter/configuration
fi
 
if [ "$IFACE" = "wlan0" ]; then
    sed -i 's:^IF=".*":IF="wlan0":' /etc/firestarter/configuration
fi
 
invoke-rc.d firestarter restart

We could tidy it up a bit further like so:

#!/bin/sh
 
set -e
 
if [ "$IFACE" = "eth0" -o "$IFACE" = "wlan0" ]; then
    sed -i 's:^IF=".*":IF="'$IFACE'":' /etc/firestarter/configuration
fi
 
invoke-rc.d firestarter restart

In the above, prior to Firestarter restart we are checking whether the network interface defined in shell variable $IFACE is one of two predefined interfaces we are interested in and, if so, we update the Firestarter config accordingly and then restart the firewall. Note that prior to changing the above file, you may want to back it up, but obviously do so into a different directory.

That is it from me. Feel free to customise this to suit your needs, test it, try it, enjoy it

References:

• http://www.fs-security.com
• http://superuser.com/questions/32658/run-a-script-when-connected-to-a-wireless-network-in-linux
• http://kintoandar.blogspot.com/2008/09/firestarter-firewall-switch.html
• http://www.uluga.ubuntuforums.org/showthread.php?t=54927
• http://ubuntuforums.org/showthread.php?t=772343

Did you find the above information useful and interesting? If so, please support this site by using the blog directory links at the bottom of this page. Thanks for your support!

If you have any Linux related problems or questions then please feel free to post them on our Linux Forums: http://linux.dsplabs.com.au/forums.

This entry was posted on Saturday, February 26th, 2011 at 10:53 am and is filed under SuSe, Hacking, Sed, Fedora, Ubuntu, Configuration, Tools, Distros, Linux. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.