[Hardy] locking the firewall using Firestarter destabilises the entire X-Server

Bug #184017 reported by Pramod Dematagoda
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| Debian | Fix Released | Unknown | | |
| firestarter (Ubuntu) | Fix Released | Undecided | Unassigned | |
Nominated for Hardy by Mark Robinson
Nominated for Intrepid by Mark Robinson

Bug Description

Binary package hint: firestarter

When I attempt to lock the firewall using Firestarter (version 1.0.3) on Hardy, Firestarter locks up at once. If I attempt to force quit it, it causes the entire X-Server to destabilise, necessitating the X-Server to be restarted.

Tags: patch
Daniele (danielevaltorta) wrote :

I have a similar problem. In my case, if I try to unlock it, firestarter doesn't respond to commands, but it doesn't cause the X-server to destabilise. All the same, I have to restart the computer to unlock the firewall.

Ron S (ronshere-people) wrote :

Same problem as Daniele, but I have found that if I wait for about five minutes after trying to unlock, it will finally unlock. If I force quit and try to restart firestarter again after a wait of about five minutes, it will start in an unlocked state. So in my case it doesn't lock but just hangs for several minutes.

Mark Robinson (launchpad-zl2tod) wrote :

I've seen this on a friend's machine.

Locking firestarter removes all iptables rules and sets the policies for the default tables to DENY.

I suspect that the unlock process attempts to do something which is dependent on having a path through the firewall.

This behaviour is reported to be new to Hardy, not being evident in Gutsy.

Workaround: kill and purge firestarter and change policies on tables.

Ctrl/Alt/F1 to get a console, then log on

    sudo /bin/bash
    killall firestarter
    aptitude purge firestarter
    iptables -P INPUT ACCEPT
    iptables -P FORWARD ACCEPT
    iptables -P OUTPUT ACCEPT
    exit

Alt/F7 returns you to the GUI

Changed in firestarter:
status: New → Confirmed
Mark Robinson (launchpad-zl2tod) wrote :

Importance should probably be set somewhere between serious and critical as it will cause loss of data for most users.

grezax (grizzar) wrote :

I have exactly the same problem: Ubuntu Hardy and Firestarter.
All functions of the firewall seem to work properly, but when I click on Lock Firewall, Firestarter locks any activity and prevents me from unlocking the firewall also! It hangs, and if I force quit Firestarter, I can't have it restart properly until a system reboot.

Mark Robinson (launchpad-zl2tod) wrote :

Adding rules to the locked firewall to log packets showed these connection attempts on attempting to unlock:

    Jun 19 15:29:42 kotuku kernel: [546262.683765] IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=37291 DF PROTO=TCP SPT=58463 DPT=16001 WINDOW=32792 RES=0x00 SYN URGP=0
    Jun 19 15:30:06 kotuku kernel: [546286.682588] IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=37292 DF PROTO=TCP SPT=58463 DPT=16001 WINDOW=32792 RES=0x00 SYN URGP=0
    Jun 19 15:30:54 kotuku kernel: [546334.680286] IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=37293 DF PROTO=TCP SPT=58463 DPT=16001 WINDOW=32792 RES=0x00 SYN URGP=0
    Jun 19 15:32:30 kotuku kernel: [546430.675667] IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=37294 DF PROTO=TCP SPT=58463 DPT=16001 WINDOW=32792 RES=0x00 SYN URGP=0

lsof then revealed:

    firestart 19833 root 15u IPv4 93038 TCP localhost:59731->localhost:16001 (SYN_SENT)

Port 16001 is used by esound, so I assume firestarter is failing to cope with its inability to contact the sound server, from which it has been walled off by firestarter.

Perhaps firestarter should add rules to allow traffic from localhost to localhost before setting all the table policies to DENY.
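The log evidence in the comment above can be summarised mechanically. This is an added example, not part of the original report or of Firestarter: it groups netfilter LOG lines by flow and lists the gaps between repeats, using the kernel's seconds-since-boot stamp. The function names are assumptions of the example. A bare SYN repeated on `OUT=lo` with doubling gaps is consistent with a single local connection attempt retransmitting against the locked firewall.

```shell
#!/bin/sh
# Added example: group netfilter LOG lines by flow and list the gaps between repeats.

# The four kernel log lines quoted in the comment above.
sample_log() {
cat <<'EOF'
Jun 19 15:29:42 kotuku kernel: [546262.683765] IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=37291 DF PROTO=TCP SPT=58463 DPT=16001 WINDOW=32792 RES=0x00 SYN URGP=0
Jun 19 15:30:06 kotuku kernel: [546286.682588] IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=37292 DF PROTO=TCP SPT=58463 DPT=16001 WINDOW=32792 RES=0x00 SYN URGP=0
Jun 19 15:30:54 kotuku kernel: [546334.680286] IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=37293 DF PROTO=TCP SPT=58463 DPT=16001 WINDOW=32792 RES=0x00 SYN URGP=0
Jun 19 15:32:30 kotuku kernel: [546430.675667] IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=37294 DF PROTO=TCP SPT=58463 DPT=16001 WINDOW=32792 RES=0x00 SYN URGP=0
EOF
}

# stdin: kernel log lines. stdout: one line per flow logged more than once:
#   <out-if> <src>:<spt>-><dst>:<dpt> <SYN|other> count=<n> gaps=<s1,s2,...>
blocked_flows() {
    awk '
    # Value of KEY=VALUE on the current line, or "" when absent.
    function field(key,    i) {
        for (i = 1; i <= NF; i++)
            if (index($i, key "=") == 1) return substr($i, length(key) + 2)
        return ""
    }
    / SRC=/ && match($0, /\[ *[0-9]+\.[0-9]+\]/) {
        ts = substr($0, RSTART + 1, RLENGTH - 2) + 0      # seconds since boot
        kind = ($0 ~ / SYN / && $0 !~ / ACK /) ? "SYN" : "other"
        flow = field("OUT") " " field("SRC") ":" field("SPT") "->" field("DST") ":" field("DPT") " " kind
        if (flow in last) {
            sep = (gaps[flow] == "") ? "" : ","
            gaps[flow] = gaps[flow] sep sprintf("%.0f", ts - last[flow])
        } else {
            order[++n] = flow
        }
        last[flow] = ts
        count[flow]++
    }
    END {
        for (i = 1; i <= n; i++)
            if (count[order[i]] > 1)
                printf "%s count=%d gaps=%s\n", order[i], count[order[i]], gaps[order[i]]
    }'
}

sample_log | blocked_flows
```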

Mark Robinson (launchpad-zl2tod) wrote :

This wee patch makes firestarter work again.

Someone clueful needs to look this over.
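The condition diagnosed earlier in this thread, a deny-all lock with no path for localhost-to-localhost traffic, can be checked against a ruleset dump. This is an added example, not the attached patch and not Firestarter's code: it reads `iptables -S` output and reports built-in chains whose policy is DROP (the policy the thread calls DENY) without an unconditional loopback ACCEPT. The function names and both sample dumps are constructed for the example.

```shell
#!/bin/sh
# Added example: flag a default-deny ruleset that would also cut off loopback.
# stdin: output of `iptables -S` (filter table). Prints one line per affected
# chain and returns 1 if any is found. Only an unconditional loopback ACCEPT
# counts; rule order and user-defined chains are not evaluated.
loopback_gaps() {
    awk '
    $1 == "-P" && $3 == "DROP" { drop[$2] = 1 }     # chain policy is DROP
    $1 == "-A" && NF == 6 && $5 == "-j" && $6 == "ACCEPT" && $4 == "lo" {
        if ($2 == "INPUT"  && $3 == "-i") ok["INPUT"]  = 1
        if ($2 == "OUTPUT" && $3 == "-o") ok["OUTPUT"] = 1
    }
    END {
        bad = 0
        if (drop["INPUT"]  && !ok["INPUT"])  { print "INPUT: policy DROP, no -i lo ACCEPT";  bad = 1 }
        if (drop["OUTPUT"] && !ok["OUTPUT"]) { print "OUTPUT: policy DROP, no -o lo ACCEPT"; bad = 1 }
        exit bad
    }'
}

# Constructed dump: the locked state described in the thread (no rules, deny-all).
locked_dump() { printf '%s\n' '-P INPUT DROP' '-P FORWARD DROP' '-P OUTPUT DROP'; }

# Constructed dump: the same lock with loopback accepted in both directions.
locked_with_lo_dump() {
    locked_dump
    printf '%s\n' '-A INPUT -i lo -j ACCEPT' '-A OUTPUT -o lo -j ACCEPT'
}

locked_dump | loopback_gaps || true
locked_with_lo_dump | loopback_gaps && echo "loopback reachable"
```

On a live system the input would come from `sudo iptables -S | loopback_gaps`.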

Marco Giorgi (marco) wrote :

Thanks for your patch, now firestarter works fine.

NomeCognome (nomecognome) wrote :

Sorry but I do not understand how to apply this patch, can someone help me? Thank you

Thomas Hotz (thotz-deactivatedaccount) wrote :

Has there been an update meanwhile? Ubuntu 8.04 LTS is only supported until April 2013 on the server.

Changed in firestarter (Ubuntu):
status: Confirmed → Incomplete
Changed in firestarter (Ubuntu):
status: Incomplete → Fix Released