The Definitive Guide to Building Firewalls with Linux
As the security challenges facing Linux system and network administrators have grown, the security tools and techniques available to them have improved dramatically. In Linux® Firewalls, Fourth Edition, long-time Linux security expert Steve Suehring has revamped his definitive Linux firewall guide to cover the important advances in Linux security.
An indispensable working resource for every Linux administrator concerned with security, this guide presents comprehensive coverage of both iptables and nftables. Building on the solid networking and firewalling foundation in previous editions, it also adds coverage of modern tools and techniques for detecting exploits and intrusions, and much more.
Distribution-neutral throughout, this edition is fully updated for today’s Linux kernels, and includes current code examples and support scripts for Red Hat/Fedora, Ubuntu, and Debian implementations. If you’re a Linux professional, it will help you establish an understanding of security for any Linux system, and for networks of all sizes, from home to enterprise.
Inside, you’ll find just what you need to
Preface xix
About the Author xxi
Part I: Packet Filtering and Basic Security Measures 1
Chapter 1: Preliminary Concepts Underlying Packet-Filtering Firewalls 3
The OSI Networking Model 5
The Internet Protocol 7
Transport Mechanisms 14
Don’t Forget Address Resolution Protocol 17
Hostnames and IP Addresses 18
Routing: Getting a Packet from Here to There 19
Service Ports: The Door to the Programs on Your System 19
Summary 23
Chapter 2: Packet-Filtering Concepts 25
A Packet-Filtering Firewall 26
Choosing a Default Packet-Filtering Policy 29
Rejecting versus Denying a Packet 31
Filtering Incoming Packets 31
Filtering Outgoing Packets 46
Private versus Public Network Services 49
Summary 50
Chapter 3: iptables: The Legacy Linux Firewall Administration Program 51
Differences between IPFW and Netfilter Firewall Mechanisms 51
Basic iptables Syntax 54
iptables Features 55
iptables Syntax 61
Summary 82
Chapter 4: nftables: The Linux Firewall Administration Program 83
nftables Features 84
nftables Syntax 85
Summary 93
Chapter 5: Building and Installing a Standalone Firewall 95
The Linux Firewall Administration Programs 96
Initializing the Firewall 99
Protecting Services on Assigned Unprivileged Ports 112
Enabling Basic, Required Internet Services 117
Enabling Common TCP Services 122
Enabling Common UDP Services 134
Logging Dropped Incoming Packets 138
Logging Dropped Outgoing Packets 138
Installing the Firewall 139
Summary 141
Part II: Advanced Issues, Multiple Firewalls, and Perimeter Networks 143
Chapter 6: Firewall Optimization 145
Rule Organization 145
User-Defined Chains 148
Optimized Examples 151
What Did Optimization Buy? 176
Summary 177
Chapter 7: Packet Forwarding 179
The Limitations of a Standalone Firewall 179
Basic Gateway Firewall Setups 181
LAN Security Issues 182
Configuration Options for a Trusted Home LAN 183
Configuration Options for a Larger or Less Trusted LAN 188
Summary 195
Chapter 8: NAT–Network Address Translation 197
The Conceptual Background of NAT 197
NAT Semantics with iptables and nftables 201
Examples of SNAT and Private LANs 206
Examples of DNAT, LANs, and Proxies 209
Summary 210
Chapter 9: Debugging the Firewall Rules 211
General Firewall Development Tips 211
Listing the Firewall Rules 213
Interpreting the System Logs 217
Checking for Open Ports 223
Summary 227
Chapter 10: Virtual Private Networks 229
Overview of Virtual Private Networks 229
VPN Protocols 229
Linux and VPN Products 232
VPN and Firewalls 233
Summary 234
Part III: Beyond iptables and nftables 235
Chapter 11: Intrusion Detection and Response 237
Detecting Intrusions 237
Symptoms Suggesting That the System Might Be Compromised 238
What to Do If Your System Is Compromised 241
Incident Reporting 243
Summary 247
Chapter 12: Intrusion Detection Tools 249
Intrusion Detection Toolkit: Network Tools 249
Rootkit Checkers 251
Filesystem Integrity 255
Log Monitoring 256
How to Not Become Compromised 257
Summary 261
Chapter 13: Network Monitoring and Attack Detection 263
Listening to the Ether 263
TCPDump: A Simple Overview 265
Using TCPDump to Capture Specific Protocols 272
Automated Intrusion Monitoring with Snort 286
Monitoring with ARPWatch 291
Summary 293
Chapter 14: Filesystem Integrity 295
Filesystem Integrity Defined 295
Installing AIDE 296
Configuring AIDE 297
Monitoring AIDE for Bad Things 301
Cleaning Up the AIDE Database 302
Changing the Output of the AIDE Report 303
Defining Macros in AIDE 306
The Types of AIDE Checks 307
Summary 310
Part IV: Appendices 311
Appendix A: Security Resources 313
Security Information Sources 313
Reference Papers and FAQs 314
Appendix B: Firewall Examples and Support Scripts 315
iptables Firewall for a Standalone System from Chapter 5 315
nftables Firewall for a Standalone System from Chapter 5 328
Optimized iptables Firewall from Chapter 6 332
nftables Firewall from Chapter 6 345
Appendix C: Glossary 351
Appendix D: GNU Free Documentation License 363
0. Preamble 363
1. Applicability and Definitions 363
2. Verbatim Copying 365
3. Copying in Quantity 365
4. Modifications 366
5. Combining Documents 367
6. Collections of Documents 368
7. Aggregation with Independent Works 368
8. Translation 368
9. Termination 369
10. Future Revisions of this License 369
11. Relicensing 370
Index 371