Designing and Implementing Linux Firewalls with QoS using netfilter, iproute2, NAT and L7-filter (Paperback)

~ Lucian Gheorghe (Author)
Key Phrases: sfq quantum, add dev ethl parent, htb rate, Medium Networks Case Studies, Firewall Prerequisites, Distribution Network (more...)

Editorial Reviews

Product Description

Learn how to secure your system and implement QoS using real-world scenarios for networks of all sizes

• Implementing Packet filtering, NAT, bandwidth shaping, packet prioritization using netfilter/iptables, iproute2, Class Based Queuing (CBQ) and Hierarchical Token Bucket (HTB)
• Designing and implementing 5 real-world firewalls and QoS scenarios ranging from small SOHO offices to a large scale ISP network that spans many cities
• Building intelligent networks by marking, queuing, and prioritizing different types of traffic
  

In Detail

Firewalls are used to protect your network from the outside world. Using a Linux firewall, you can do a lot more than just filtering packets. This book shows you how to implement Linux firewalls and Quality of Service using practical examples from very small to very large networks.

After giving us a background of network security, the book moves on to explain the basic technologies we will work with, namely netfilter, iproute2, NAT and l7-filter. These form the crux of building Linux firewalls and QOS. The later part of the book covers 5 real-world networks for which we design the security policies, build the firewall, setup the script, and verify our installation. Providing only necessary theoretical background, the book takes a practical approach, presenting case studies and plenty of illustrative examples.

Approach

The author draws on his experience to offer the reader valuable advice on the best practices. Providing only necessary theoretical background, the book takes a practical approach, presenting case studies and plenty of illustrative examples.

Who this book is written for?

This book is aimed at Linux Network administrators<!--[if !supportAnnotations]--> with some understanding of Linux security threats and issues, or any one interested in securing their systems behind a firewall. Basic knowledge of Linux is presumed but other than that this book shows you how to do the rest, from configuring your system to dealing with security breaches.

About the Author

Lucian Gheorghe

Lucian Gheorghe has just joined the Global NOC of Interoute, Europe's largest voice and data network provider. Before Interoute, he was working as a senior network engineer for Globtel Internet, a significant Internet and Telephony Services Provider to the Romanian market He has been working with Linux for more than 8 years putting a strong accent on security for protecting vital data from hackers and ensuring good quality services for internet customers. Moving to VoIP services he had to focus even more on security as sensitive billing data is most often stored on servers with public IP addresses. He has been studying QoS implementations on Linux to build different types of services for IP customers and also to deliver good quality for them and for VoIP over the public internet. Lucian has also been programming with Perl, PHP and Smarty for over 5 years mostly developing in-house management interfaces for IP and VoIP services.

Product Details

• Paperback: 288 pages
• Publisher: Packt Publishing (October 31, 2006)
• Language: English
• ISBN-10: 1904811655
• ISBN-13: 978-1904811657
• Product Dimensions: 9.1 x 7.5 x 0.9 inches
• Shipping Weight: 1.3 pounds (View shipping rates and policies)
• Average Customer Review: 4.2 out of 5 stars  See all reviews (4 customer reviews)
• Amazon.com Sales Rank: #477,410 in Books (See Bestsellers in Books)

  Popular in these categories: (What's this?)

  #12 in	Books > Computers & Internet > Security & Encryption > Firewalls
  #17 in	Books > Computers & Internet > Security & Encryption > Linux Security
  #41 in	Books > Computers & Internet > Operating Systems > Linux > Networking & System Administration

Customer Reviews

Most Helpful Customer Reviews

3 of 3 people found the following review helpful:

5.0 out of 5 stars Very good book, October 22, 2007

By	Adrian Sanchez Soto "Vord" (Mexico) - See all my reviews (REAL NAME)

If you like opensource, QoS, Firewalls... this book would be what you need.

If you are netadmin, sysadmin or you are an IT guy and learn this book, you can limit p2p/bittorrent traffic, guarantee bandwith for some services like http, ftp, voip, etc. (QoS), you can protect your network with firewalls.

First in chapter 1 we learn about Networking Fundamentals, then in chapter 2, about Security Threats in every OSI layer. After that we are ready to learn about basis of netfilter and iproute (Firewall and QoS).

In next chapters, show us how to do layer 7 filtering, practical QoS and more advanced things. Then we apply this knowledge in a very practical serie of scenerios that come later in the book.

Very good book, I recomend this to you.

1 of 1 people found the following review helpful:

3.0 out of 5 stars Disappointing, April 20, 2009

By	Jarrett Miller - See all my reviews (REAL NAME)

For some this might be a great book. For me, I found the title misleading. I was mainly interested in the QoS aspect as there are already excellent books available on firewalling and NAT.

The QoS seemed to be mostly an afterthought. The QoS policies utilized were tailored to the example networks but there was no discussion of generic QoS capabilities.

The biggest gripe though, is that there was Zero coverage of DSCP and/or 802.1q packet tagging. This book considers queue scheduling based on netfilter or L7-filter to be all that exists as far as QoS is concerned. If you want treatment of DSCP or 802.1p look elsewhere.

P.S. This book is cookbook format. Don't expect to learn the intricate details. It is not a bad book if that is what you are looking for but if you want a more "textbook" style book with complete coverage you will be disappointed.

5.0 out of 5 stars Easy to understand newbies inclusive, August 26, 2009

By	i5513 - See all my reviews

It is very well written

You will learn about NAT and filtering. Maybe you will need read more about QoS, but like introduction it is fine.

Excellent book. It shows you about small-medium-large networks configurations.

Regards,