An Internet-connected Linux machine is in a high-risk situation. Linux Firewalls, Third Edition details security steps that any sized implementation--from home use to enterprise level--might take to protect itself from potential remote attackers. As with the first two editions, this book is especially useful for its explanations of iptables, packet filtering, and firewall optimization along with some advanced concepts including customizing the Linux kernel to enhance security.The third edition, while distribution neutral, has been updated for the current Linux Kernel and provides code examples for Red Hat, SUSE, and Debian implementations. Don't miss out on the third edition of the critically acclaimed Linux Firewalls.

Average Customer Review: ( 38 customer reviews )
Write an online review and share your thoughts with other customers.

* Lots of details about how to set up packet filtering in Linux.

* Good reference material about various ports & services.

Bad points:

* The command lines in his "rc.firewall" scripts are long and thus wrap when printed in the book, making the scripts VERY difficult to read. A smaller, fixed-pitch font for the scripts, and good use of column alignment would have helped tremendously.

* Scant discussion of the "hosts.allow" and "hosts.deny" files, or of TCP/IP wrappers and inetd. Both are an essential part of Linux firewalls.

* The overall organization of the book is good, but some of the detail in the chapters is not well organized. Since he protects against invalid packets going OUT as well as coming IN, there's a lot of detail that many people will not want. That detail tends to obscure the WHY of what he's doing.

* In the appendix, he lists in exhaustive detail all his firewall rules, and then lists them AGAIN in a "better" order. Yes, the second order is better for BOTH efficiency and understanding, so why provide the first list? Actually, there are SIX complete lists in the appendix: three for ipchains, and another three lists for ipfwadm), but that's another story ...

All in all, a good book in spite of the above. There are a few typos, but once you understand what he's doing, the typos are obvious.

24 of 26 found the following review helpful:

Excellent book - well worth the read!Dec 14, 1999
By Shaun T. Erickson
As a System Administrator who is trying to add new skills to his resume, and a home cablemodem user who wants to protect his private network from hackers on the Internet, I have found Mr. Ziegler's book, "Linux Firewalls", to be excellent, as I have also found his website to be. I read his book, cover to cover, within 24 hours of it's purchase (no small feat). Most informative!

It takes an honored place on my bookshelf, next to my other firewall bibles (Chapman & Zwicky's "Building Internet Firewalls" and Cheswick & Bellovin's "Firewalls and Internet Security : Repelling the Wily Hacker").

32 of 36 found the following review helpful:

Real Practical SolutionsDec 05, 1999
By Phil Lavigna
This author has been providing a great service to the Linux community with his Firewall Design Tool... I've used it to configure several firewalls with outstanding results (from portscans). I also purchased this book even though I never put the two names together until I saw an ad linking the two. Linux Firewalls isn't one of those books you read by the fireplace, but it's full of specific solutions to specific issues that all networks face. I appreciate the author's knowledge and recommend his website and book to Linux users.

18 of 19 found the following review helpful:

Linux Firewalls is a godsendDec 16, 2000

If you are responsible for a small Linux network, whether it be at home or work, with an always-on high-speed Internet connection, and you are not already a firewall expert, this is the first book you should read. Mr Ziegler starts off by explaining the "why's" (theory) and then proceeds to demonstrate the "how's" (practice): all in a common-sense and easily understood manner.

The author's website contains an additional wealth of information for the amateur Linux network administrator. As mentioned in another review there is a script on the site that will walk the user through some questions and create a firewall script based on the answers. The website is not mentioned very prominently in the book however; just inside the outer front cover at the very lower left.

A couple of other MINOR shortcomings: Maggiano's "CGI programming with Tcl" provides a better first-chapter introduction to internet communication protocols and concepts such as the "three-way handshake". Having read that previously helped me breeze through Chapter 1 of Linux Firewalls with NO questions, which may not be the case for other readers (I am perhaps additionally better prepared in that I am a professional web developer).

Additionally, Ziegler makes no mention of the "ntsysv" utility, which allows the user to simply add or remove services to be started up upon booting, through a MENU interface, instead of having to manually edit scripts. This utility is incorporated into the installation routines of a couple of versions of Red Hat with which I am familiar (5.2/6.0), but NOT Mandrake, which is based on Red Hat. It was through Kabir's excellent "Red Hat Linux Administrator's Handbook" that I learned of the ntsysv utility and have begun using it after installation.

Regardless, this book of Ziegler's is destined for a classic. I have over 100 computer books: if I had to get rid of all but five, this one would be a keeper.

13 of 13 found the following review helpful:

Excellent addition to the SysAdmin's bookshelfOct 25, 2005
By Michael Hurley
If you are a system or network administrator, then you're concerned about security. If you're concerned about security, then you will want a copy of "Linux Firewalls" handy. In spite of its title, "Linux Firewalls" is about more than just firewalling.

After introductory material about firewalls, and how packet-filtering firewalls work, Suehring and Ziegler dive into creating firewalls with iptables: Enabling services, blocking attacks, optimizing firewall rules, etc. They spend a decent amount of time looking at forwarding and NAT. They demonstrate some possible network setups of varying complexity, and show how to write iptables rules for those environments. The remaining third of the book explores other security tools, such as TCPDump, Snort, and AIDE. Kernel "enhancements" SELinux and GrSecurity are discussed briefly. If that sounds like a lot of material to cover, it is. The book weighs in at over 500 pages, but it's laid out such that it's pretty easy to get to the information you need quickly. The authors have done a good job presenting such a large amount of material in a clear, easy-to-grasp fashion. Also, the book includes links to further resources in highlighted boxes is the text, and collected in an appendix, if you need to go into greater depth on a particular topic.

The book is full of useful tips. For example,in the discussion of the LOG target, they explain the technique for extracting the iptables messages from the noise in /var/log/messages and directing them to their own log. This is a question that comes up repeatedly on the iptables mailing list. The trick is to use the "--log-level" switch and configure syslog to write items that come through with the specified log-level to a seperate log. You still get the occasional false positive this way, but it sure beats slogging through all the noise in /var/log/messages.

I do have a couple of criticisms to make of the book. For example, to start the firewall at boot time, the authors recommend ieither using the "iptables save" function (Red Hat), or adding a line to rc.local. The problem with the former is that "iptables save" is, as the authors point out, not terribly reliable. Furthermore, if you're using a script to generate your firewall rules, then your rules are already saved. The problem with rc.local is that then the firewall will start after the network is up and services are listening. I prefer to write an init script and use the chkconfig utility (Red Hat/SuSE) to bring up the firewall rules before the network. The biggest omission from the book is any information on bridge firewalls. A bridge can be very useful for putting a transparent firewall onto your network. I am surprised that there is not even a mention of bridging, or ebtables (the userspace bridge tools), since bridging is now part of the standard kernel. Iptables can also be made to work with the bridge module. Pointing out this omission may not be a completely fair criticism: I have yet to see a firewall book that covers bridging with Linux and ebtables (or iptables).

Nonetheless, "Linux Firewalls" is a very nice addition to my library. This book will live either on my desk, or on any easily-accessed shelf nearby.

DISCLOSURE: The publisher sent me a copy of this book for review.

See all 38 customer reviews on Amazon.com