Linux Firewalls

If you are a system or network administrator, then you're concerned about security. If you're concerned about security, then you will want a copy of "Linux Firewalls" handy. In spite of its title, "Linux Firewalls" is about more than just firewalling. After introductory material about firewalls, and how packet-filtering firewalls work, Suehring and Ziegler dive into creating firewalls with iptables: Enabling services, blocking attacks, optimizing firewall rules, etc. They spend a decent amount of time looking at forwarding and NAT. They demonstrate some possible network setups of varying complexity, and show how to write iptables rules for those environments. The remaining third of the book explores other security tools, such as TCPDump, Snort, and AIDE. Kernel "enhancements" SELinux and GrSecurity are discussed briefly. If that sounds like a lot of material to cover, it is. The book weighs in at over 500 pages, but it's laid out such that it's pretty easy to get to the information you need quickly. The authors have done a good job presenting such a large amount of material in a clear, easy-to-grasp fashion. Also, the book includes links to further resources in highlighted boxes is the text, and collected in an appendix, if you need to go into greater depth on a particular topic. The book is full of useful tips. For example,in the discussion of the LOG target, they explain the technique for extracting the iptables messages from the noise in /var/log/messages and directing them to their own log. This is a question that comes up repeatedly on the iptables mailing list. The trick is to use the "--log-level" switch and configure syslog to write items that come through with the specified log-level to a seperate log. You still get the occasional false positive this way, but it sure beats slogging through all the noise in /var/log/messages. I do have a couple of criticisms to make of the book. For example, to start the firewall at boot time, the authors recommend ieither using the "iptables save" function (Red Hat), or adding a line to rc.local. The problem with the former is that "iptables save" is, as the authors point out, not terribly reliable. Furthermore, if you're using a script to generate your firewall rules, then your rules are already saved. The problem with rc.local is that then the firewall will start after the network is up and services are listening. I prefer to write an init script and use the chkconfig utility (Red Hat/SuSE) to bring up the firewall rules before the network. The biggest omission from the book is any information on bridge firewalls. A bridge can be very useful for putting a transparent firewall onto your network. I am surprised that there is not even a mention of bridging, or ebtables (the userspace bridge tools), since bridging is now part of the standard kernel. Iptables can also be made to work with the bridge module. Pointing out this omission may not be a completely fair criticism: I have yet to see a firewall

I have used ipfilter on FreeBSD for many years, and I'm now starting to deploy Linux. Ziegler presents an extremely well researched book. Particularly impressive is his discussion of the nastier protocols like DHCP and FTP. Getting ssh and smtp through a firewall is pretty simple, it's the tougher protocols that really require some thought, and it's clear he's done that.Along with explaining the protocols, he explains how iptables works and how to apply the protocol knowledge to building iptables rules. The appendices where he assembles all of the rules together are worth the price of the book all by themselves.I wish half of my technical books were as good a value as this one.

I recommend this book to both linux and non-linux users alike. the non-linux users will learn plenty through the exquisite TCP/IP details of network trickery, policy creation, and lock down methods.Linux users will be even better off, as they can use the sample configurations and setups right off the bat. This second edition covers iptables in a readable manner unlike any other source. This is the only firewalls book a Linux user will ever need. I do suggest you pick up a general linux security book as well, because application attacks are not the subject of this book.I put this book at the top of my list.

If you are responsible for a small Linux network, whether it be at home or work, with an always-on high-speed Internet connection, and you are not already a firewall expert, this is the first book you should read. Mr Ziegler starts off by explaining the "why's" (theory) and then proceeds to demonstrate the "how's" (practice): all in a common-sense and easily understood manner.The author's website contains an additional wealth of information for the amateur Linux network administrator. As mentioned in another review there is a script on the site that will walk the user through some questions and create a firewall script based on the answers. The website is not mentioned very prominently in the book however; just inside the outer front cover at the very lower left.A couple of other MINOR shortcomings: Maggiano's "CGI programming with Tcl" provides a better first-chapter introduction to internet communication protocols and concepts such as the "three-way handshake". Having read that previously helped me breeze through Chapter 1 of Linux Firewalls with NO questions, which may not be the case for other readers (I am perhaps additionally better prepared in that I am a professional web developer).Additionally, Ziegler makes no mention of the "ntsysv" utility, which allows the user to simply add or remove services to be started up upon booting, through a MENU interface, instead of having to manually edit scripts. This utility is incorporated into the installation routines of a couple of versions of Red Hat with which I am familiar (5.2/6.0), but NOT Mandrake, which is based on Red Hat. It was through Kabir's excellent "Red Hat Linux Administrator's Handbook" that I learned of the ntsysv utility and have begun using it after installation.Regardless, this book of Ziegler's is destined for a classic. I have over 100 computer books: if I had to get rid of all but five, this one would be a keeper.

I looked at both this book and the "Linux and OpenBSD Firewall" books before deciding on this one. This book does a much more exhaustive job of explaining how to build a linux firewall.Going beyond just telling you "here's what you want your firewall script to look like" which is what I felt the other book did, this title explains why you shouldn't have certain daemons running on the firewall, what ports to block and the possible consequences and attack types that can come from not blocking a specific port. Amusingly enough, it even tells you the port to leave open if you plan on running a Quake server.As pointed out below, the wrap around on some of the examples is annoying.The book also is dedicated to handling the threat from the outside, it does not deal with the internel threat that any company needs to guard against, though it is pointed out in the very beginning that this book isn't designed to deal with internal threats, so I don't see this as a negative.I found the book easy to read. There are some technical books you dread picking up since they are so stale, this fortunately I found not to be like that.The entire book is dedicated to firewalls. Some firewall books I have seen a good chunk of the book is choosing hardware and how to install the OS. The author of this book intelligently reasoned that his readers already have Linux installed and want a book on firewalls, not a how to install the OS.