Linux® Firewalls: Enhancing Security with nftables and Beyond, Fourth Edition by
Table of contents
- About This eBook
- Title Page
- Copyright Page
- Dedication Page
- Contents at a Glance
- Contents
- Preface
- Acknowledgments
- 1. Preliminary Concepts Underlying Packet-Filtering Firewalls
- The OSI Networking Model
- Connectionless versus Connection-Oriented Protocols
- Next Steps
- IP Addressing and Subnetting
- IP Fragmentation
- Broadcasting and Multicasting
- ICMP
- UDP
- TCP
- IP Addresses and Ethernet Addresses
- A Typical TCP Connection: Visiting a Remote Website
- A Packet-Filtering Firewall
- Choosing a Default Packet-Filtering Policy
- Rejecting versus Denying a Packet
- Filtering Incoming Packets
- Remote Source Address Filtering
- Local Destination Address Filtering
- Remote Source Port Filtering
- Local Destination Port Filtering
- Incoming TCP Connection State Filtering
- Probes and Scans
- Denial-of-Service Attacks
- Source-Routed Packets
- Local Source Address Filtering
- Remote Destination Address Filtering
- Local Source Port Filtering
- Remote Destination Port Filtering
- Outgoing TCP Connection State Filtering
- Protecting Nonsecure Local Services
- Selecting Services to Run
- Differences between IPFW and Netfilter Firewall Mechanisms
- IPFW Packet Traversal
- Netfilter Packet Traversal
- NAT Table Features
- mangle Table Features
- filter Table Commands
- filter Table Target Extensions
- filter Table Match Extensions
- nat Table Target Extensions
- mangle Table Commands
- Differences between iptables and nftables
- Basic nftables Syntax
- nftables Features
- nftables Syntax
- Table Syntax
- Chain Syntax
- Rule Syntax
- Basic nftables Operations
- nftables File Syntax
- The Linux Firewall Administration Programs
- Build versus Buy: The Linux Kernel
- Source and Destination Addressing Options
- Symbolic Constants Used in the Firewall Examples
- Enabling Kernel-Monitoring Support
- Removing Any Preexisting Rules
- Resetting Default Policies and Stopping the Firewall
- Enabling the Loopback Interface
- Defining the Default Policy
- Using Connection State to Bypass Rule Checking
- Source Address Spoofing and Other Bad Addresses
- Common Local TCP Services Assigned to Unprivileged Ports
- Common Local UDP Services Assigned to Unprivileged Ports
- Allowing DNS (UDP/TCP Port 53)
- Email (TCP SMTP Port 25, POP Port 110, IMAP Port 143)
- SSH (TCP Port 22)
- FTP (TCP Ports 21, 20)
- Generic TCP Service
- Accessing Your ISP’s DHCP Server (UDP Ports 67, 68)
- Accessing Remote Network Time Servers (UDP Port 123)
- Tips for Debugging the Firewall Script
- Starting the Firewall on Boot with Red Hat and SUSE
- Starting the Firewall on Boot with Debian
- Installing a Firewall with a Dynamic IP Address
- 6. Firewall Optimization
- Rule Organization
- Begin with Rules That Block Traffic on High Ports
- Use the State Module for ESTABLISHED and RELATED Matches
- Consider the Transport Protocol
- Place Firewall Rules for Heavily Used Services as Early as Possible
- Use Traffic Flow to Determine Where to Place Rules for Multiple Network Interfaces
- The Optimized iptables Script
- Firewall Initialization
- Installing the Chains
- Building the User-Defined EXT-input and EXT-output Chains
- tcp-state-flags
- connection-tracking
- local-dhcp-client-query and remote-dhcp-server-response
- source-address-check
- destination-address-check
- Logging Dropped Packets with iptables
- The Optimized nftables Script
- Firewall Initialization
- Building the Rules Files
- Logging Dropped Packets with nftables
- iptables Optimization
- nftables Optimization
- The Limitations of a Standalone Firewall
- Basic Gateway Firewall Setups
- LAN Security Issues
- Configuration Options for a Trusted Home LAN
- LAN Access to the Gateway Firewall
- LAN Access to Other LANs: Forwarding Local Traffic among Multiple LANs
- Dividing Address Space to Create Multiple Networks
- Selective Internal Access by Host, Address Range, or Port
- The Conceptual Background of NAT
- NAT Semantics with iptables and nftables
- Source NAT
- Destination NAT
- Masquerading LAN Traffic to the Internet
- Applying Standard NAT to LAN Traffic to the Internet
- Host Forwarding
- General Firewall Development Tips
- Listing the Firewall Rules
- iptables Table Listing Example
- nftables Table Listing Example
- syslog Configuration
- Firewall Log Messages: What Do They Mean?
- netstat -a [ -n -p -A inet ]
- Checking a Process Bound to a Particular Port with fuser
- Nmap
- Overview of Virtual Private Networks
- VPN Protocols
- PPTP and L2TP
- IPsec
- Openswan/Libreswan
- OpenVPN
- PPTP
- 11. Intrusion Detection and Response
- Detecting Intrusions
- Symptoms Suggesting That the System Might Be Compromised
- System Log Indications
- System Configuration Indications
- Filesystem Indications
- User Account Indications
- Security Audit Tool Indications
- System Performance Indications
- Why Report an Incident?
- What Kinds of Incidents Might You Report?
- To Whom Do You Report an Incident?
- What Information Do You Supply?
- Intrusion Detection Toolkit: Network Tools
- Switches and Hubs and Why You Care
- ARPWatch
- Running Chkrootkit
- What If Chkrootkit Says the Computer Is Infected?
- Limitations of Chkrootkit and Similar Tools
- Using Chkrootkit Securely
- When Should Chkrootkit Be Run?
- Swatch
- Secure Often
- Update Often
- Test Often
- Listening to the Ether
- Three Valuable Tools
- Obtaining and Installing TCPDump
- TCPDump Options
- TCPDump Expressions
- Beyond the Basics with TCPDump
- Using TCPDump in the Real World
- Attacks through the Eyes of TCPDump
- Recording Traffic with TCPDump
- Obtaining and Installing Snort
- Configuring Snort
- Testing Snort
- Receiving Alerts
- Final Thoughts on Snort
- Filesystem Integrity Defined
- Practical Filesystem Integrity
- Creating an AIDE Configuration File
- A Sample AIDE Configuration File
- Initializing the AIDE Database
- Scheduling AIDE to Run Automatically
- Obtaining More Verbose Output
- A. Security Resources
- Security Information Sources
- Reference Papers and FAQs
- iptables Firewall for a Standalone System from Chapter 5
- nftables Firewall for a Standalone System from Chapter 5
- Optimized iptables Firewall from Chapter 6
- nftables Firewall from Chapter 6
- 0. Preamble
- 1. Applicability and Definitions
- 2. Verbatim Copying
- 3. Copying in Quantity
- 4. Modifications
- 5. Combining Documents
- 6. Collections of Documents
- 7. Aggregation with Independent Works
- 8. Translation
- 9. Termination
- 10. Future Revisions of this License
- 11. Relicensing
Product information
- Title: Linux® Firewalls: Enhancing Security with nftables and Beyond, Fourth Edition
- Author(s):
- Release date:
- Publisher(s): Addison-Wesley Professional
- ISBN: None
Book description
As the security challenges facing Linux system and network administrators have grown, the security tools and techniques available to them have improved dramatically. In Linux® Firewalls, Fourth Edition, long-time Linux security expert Steve Suehring has revamped his definitive Linux firewall guide to cover the important advances in Linux security.
An indispensable working resource for every Linux administrator concerned with security, this guide presents comprehensive coverage of both iptables and nftables. Building on the solid networking and firewalling foundation in previous editions, it also adds coverage of modern tools and techniques for detecting exploits and intrusions, and much more.
Distribution neutral throughout, this edition is fully updated for today’s Linux kernels, and includes current code examples and support scripts for Red Hat/Fedora, Ubuntu, and Debian implementations. If you’re a Linux professional, it will help you establish an understanding of security for any Linux system, and for networks of all sizes, from home to enterprise.
Inside, you’ll find just what you need to
- Install, configure, and update a Linux firewall running either iptables or nftables
- Migrate to nftables, or take advantage of the latest iptables enhancements
- Manage complex multiple firewall configurations
- Create, debug, and optimize firewall rules
- Use Samhain and other tools to protect filesystem integrity, monitor networks, and detect intrusions
- Harden systems against port scanning and other attacks
- Uncover exploits such as rootkits and backdoors with chkrootkit