I suspect it is because Firestarter keeps adding entries to my blocked events, as 24/7 there are so many strangers all around the world scanning my box and being blocked by Firestarter. So how do I resolve this if I want Firestarter to continue protecting my box without wasting my RAM?
I discovered that when I close Firestarter, the firewall rules stay. I checked my iptables, and the rules are still there until I reboot my system.
sudo iptables -L
Secondly, I found a script in /etc/init.d called "firestarter". That means I can start the Firestarter-defined firewall rules without having to start the GUI, that's great!
I quickly created a symlink in /etc/rc2.d and rebooted my system.
sudo ln -s /etc/init.d/firestarter /etc/rc2.d/S20firestarter
It works! But now I can't get the information about who is scanning my ports. I was wrong! I can still get the information; Firestarter stores everything in /var/log/messages. So if I want to see the latest 20 blocked packets, I can do this:
dmesg | tail -n 20
cat /var/log/messages | tail -n 20
Although both show the same records, the second one shows more info.
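
An added example, not part of the original post: tail -n 20 returns the last 20 lines of whatever was logged, so this script keeps only the lines carrying the SRC=/DST= fields written by the iptables LOG target and counts them per source address and destination port. The function names and the sample log lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: count blocked packets per source address and destination port.
# Keys on the SRC=/DST=/PROTO=/DPT= fields that the iptables LOG target writes.

# Constructed sample log (documentation-range addresses), written to file $1.
write_sample_log() {
    cat > "$1" <<'EOF'
Jan 10 03:12:01 box kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=49 PROTO=TCP SPT=40001 DPT=22 SYN
Jan 10 03:12:02 box kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=49 PROTO=TCP SPT=40002 DPT=22 SYN
Jan 10 03:12:03 box kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=49 PROTO=TCP SPT=40003 DPT=23 SYN
Jan 10 03:15:40 box dhclient: bound to 192.0.2.10
Jan 10 03:20:11 box kernel: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 LEN=404 TTL=112 PROTO=UDP SPT=1050 DPT=1434 LEN=384
Jan 10 03:21:55 box kernel: IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 LEN=84 TTL=52 PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1
EOF
}

# Print "count source proto/port", busiest first, top 20.
# $1 = log file (default /var/log/messages, the file named in the post).
summarize_blocked() {
    awk '
        / SRC=/ && / DST=/ {              # skip non-firewall syslog lines
            src = ""; proto = ""; dpt = ""
            for (i = 1; i <= NF; i++) {   # keep the first occurrence of each field
                if (src == ""   && $i ~ /^SRC=/)   src   = substr($i, 5)
                if (proto == "" && $i ~ /^PROTO=/) proto = substr($i, 7)
                if (dpt == ""   && $i ~ /^DPT=/)   dpt   = substr($i, 5)
            }
            if (dpt == "") dpt = "-"      # ICMP has no destination port
            count[src " " proto "/" dpt]++
        }
        END { for (k in count) print count[k], k }
    ' "${1:-/var/log/messages}" | LC_ALL=C sort -k1,1nr -k2 | head -n 20
}

# Demo on the constructed sample so the script runs offline.
tmp=$(mktemp) && write_sample_log "$tmp" && summarize_blocked "$tmp"
rm -f "$tmp"
```

On a real box, call summarize_blocked with no argument (reading /var/log/messages may need sudo) to see which sources and ports account for most of the blocked traffic.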