I'm really going out on a limb here as I've had limited experience and less
success with firewalls... but here goes.

Iptables is the underlying set of routines that actually implements the
firewall. It is a work of genius and very hard for us ordinary folks to
fully understand. It is a fantastically versatile and capable programme
which must be completely configured from the command line, it's native
interface. Most people prefer to us a graphical front end.

Once iptables is set up the graphical interface doesn't matter. It can even
be removed, provided that iptables is set up to start at boot and is doing
what you want it to do in managing input and output. Auto-starting iptables
has nothing to do with firestarter etc. after they have set it up.

In my experience any number of reboots always left iptables firmly in
control. Having had to use the CLI method when I unintentionally blocked all
net and internet access I would never go back to command line configuration
by choice! The manuals are available online but are lengthy and highly
technical. Once it was blocking internet access the only way to install
graphical tools, which were not in the apt cache, was to unblock it using
the native CLI commands. Could it be that what was showing as "off" was not
iptables, and therefore your firewall, but the graphical interface, which
you don't need once you have the firewall working properly?