Posted October 24, 2005
Excellent addition to the SysAdmin's bookshelf
If you are a system or network administrator, then you're concerned about security. If you're concerned about security, then you will want a copy of 'Linux Firewalls' handy. In spite of its title, 'Linux Firewalls' is about more than just firewalling. After introductory material about firewalls, and how packet-filtering firewalls work, Suehring and Ziegler dive into creating firewalls with iptables: enabling services, blocking attacks, optimizing firewall rules, etc. They spend a decent amount of time looking at forwarding and NAT. They demonstrate some possible network setups of varying complexity, and show how to write iptables rules for those environments. The remaining third of the book explores other security tools, such as TCPDump, Snort, and AIDE. Kernel 'enhancements' SELinux and GrSecurity are discussed briefly.

If that sounds like a lot of material to cover, it is. The book weighs in at over 500 pages, but it's laid out such that it's pretty easy to get to the information you need quickly. The authors have done a good job presenting such a large amount of material in a clear, easy-to-grasp fashion. Also, the book includes links to further resources in highlighted boxes in the text, and collected in an appendix, if you need to go into greater depth on a particular topic.

The book is full of useful tips. For example, in the discussion of the LOG target, they explain the technique for extracting the iptables messages from the noise in /var/log/messages and directing them to their own log. This is a question that comes up repeatedly on the iptables mailing list. The trick is to use the '--log-level' switch and configure syslog to write items that come through with the specified log-level to a separate log. You still get the occasional false positive this way, but it sure beats slogging through all the noise in /var/log/messages.

I do have a couple of criticisms to make of the book.
For example, to start the firewall at boot time, the authors recommend either using the 'iptables save' function (Red Hat), or adding a line to rc.local. The problem with the former is that 'iptables save' is, as the authors point out, not terribly reliable. Furthermore, if you're using a script to generate your firewall rules, then your rules are already saved. The problem with rc.local is that then the firewall will start after the network is up and services are listening. I prefer to write an init script and use the chkconfig utility (Red Hat/SuSE) to bring up the firewall rules before the network.

The biggest omission from the book is any information on bridge firewalls. A bridge can be very useful for putting a transparent firewall onto your network. I am surprised that there is not even a mention of bridging, or ebtables (the userspace bridge tools), since bridging is now part of the standard kernel. Iptables can also be made to work with the bridge module. Pointing out this omission may not be a completely fair criticism: I have yet to see a firewall book that covers bridging with Linux and ebtables (or iptables).

Nonetheless, 'Linux Firewalls' is a very nice addition to my library. This book will live either on my desk, or on any easily-accessed shelf nearby.

DISCLOSURE: The publisher sent me a copy of this book for review.
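The LOG-target trick the review mentions (a '--log-level' value that syslog routes to its own file) still leaves kernel-format records to read. The following is an added example, not code from the book or the reviewer: it pulls iptables LOG records out of a constructed /var/log/messages sample and parses their KEY=VALUE fields, with the "IPT-DROP:" prefix, the sample lines and the function names being assumptions.

```python
import re

# Added example (not from the book). Assumes a rule such as
#   iptables -A INPUT -j LOG --log-level warning --log-prefix "IPT-DROP: "
# paired with a syslog.conf line like  kern.=warning  -/var/log/iptables.log
# so the records land in their own file; here we parse what still has to be read.
# Constructed sample of /var/log/messages: two iptables records mixed with noise.
SAMPLE_LOG = """\
Oct 24 10:00:01 fw sshd[812]: Accepted publickey for admin from 10.0.0.9 port 51234 ssh2
Oct 24 10:00:02 fw kernel: IPT-DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4711 DF PROTO=TCP SPT=40213 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Oct 24 10:00:03 fw kernel: eth0: link is up
Oct 24 10:00:04 fw kernel: IPT-DROP: IN=eth0 OUT= SRC=198.51.100.4 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=0 PROTO=UDP SPT=5353 DPT=5353 LEN=20
Oct 24 10:00:05 fw cron[900]: (root) CMD (run-parts /etc/cron.hourly)
"""

# Classic syslog layout: "Mon DD HH:MM:SS host kernel: <prefix>IN=... KEY=VAL ..."
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) kernel: (?P<prefix>.*?)(?P<body>IN=.*)$"
)


def parse_record(line):
    """Return a dict for one iptables LOG line, or None for non-matching noise."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = {"ts": m.group("ts"), "host": m.group("host"),
           "prefix": m.group("prefix").strip(), "flags": []}
    for tok in m.group("body").split():
        if "=" in tok:
            key, _, val = tok.partition("=")
            # UDP records repeat LEN= for the payload; keep the IP-header one.
            rec.setdefault(key, val)
        else:
            rec["flags"].append(tok)  # bare tokens are flags: DF, SYN, ACK, ...
    return rec


def extract(log_text, prefix="IPT-DROP:"):
    """Keep only LOG records with the expected prefix; count everything else as noise."""
    records, noise = [], 0
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec is None or rec["prefix"] != prefix:
            noise += 1
            continue
        records.append(rec)
    return records, noise
```

Calling extract(SAMPLE_LOG) returns the two parsed iptables records and a count of 3 skipped noise lines; other kernel messages at the same log level (the false positives the review mentions) are dropped by the prefix check.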