Linux iptables Pocket Reference: Firewalls, NAT & Accounting
by Gregor N. Purdy
Firewalls, Network Address Translation (NAT), network logging and accounting are all provided by Linux's Netfilter system, also known by the name of the command used to administer it, iptables. The iptables interface is the most sophisticated ever offered on Linux and makes Linux an extremely flexible system for any kind of network filtering you might do. Large sets of filtering rules can be grouped in ways that make it easy to test them and turn them on and off.
Do you watch for all types of ICMP traffic--some of them quite dangerous? Can you take advantage of stateful filtering to simplify the management of TCP connections? Would you like to track how much traffic of various types you get?
This pocket reference will help you at those critical moments when someone asks you to open or close a port in a hurry, either to enable some important traffic or to block an attack. The book will keep the subtle syntax straight and help you remember all the values you have to enter in order to be as secure as possible. The book has an introductory section that describes applications, followed by a reference/encyclopaedic section with all the matches and targets arranged alphabetically.
Most Helpful Customer Reviews
This book is written for Linux/Unix sysadmins, not programmers. The topic of iptables is intimately related to guarding a network against intruders. A sysadmin task. Plus, the compact, pocketbook size lends itself to a common scenario. You're a harried sysadmin in the machine room of your company, surrounded by racks of computers and cabling. Equipment everywhere and little room for you to prop up a regular-sized text on intrusion detection. Quite possibly, the master console is some cheesy old monitor that you got stuck with. Or even worse, it is just a terminal. If the latter, it's really awkward to do a man on iptables and also run it, especially if you're in real time mode against an active intruder. In other words, what this book is ideal for.