Linux Firewalls (3rd Edition) and over one million other books are available for Amazon Kindle. Learn more
  • List Price: $54.99
  • Save: $40.00 (73%)
Rented from Amazon Warehouse Deals
To Rent, select Shipping State from options above
Due Date: Dec 21, 2014
FREE return shipping at the end of the semester. Access codes and supplements are not guaranteed with rentals.
  • List Price: $54.99
  • Save: $24.91 (45%)
FREE Shipping on orders over $35.
Only 8 left in stock (more on the way).
Ships from and sold by
Gift-wrap available.
Linux Firewalls (3rd Edit... has been added to your Cart
Trade in your item
Get a $2.00
Gift Card.
Have one to sell? Sell on Amazon
Flip to back Flip to front
Listen Playing... Paused   You're listening to a sample of the Audible audio edition.
Learn more
See this image

Linux Firewalls (3rd Edition) Paperback – September 24, 2005

ISBN-13: 978-0672327711 ISBN-10: 0672327716 Edition: 3rd

Buy New
Price: $30.08
Price: $14.99
27 New from $26.08 26 Used from $7.48
Amazon Price New from Used from
"Please retry"
"Please retry"
$26.08 $7.48

Editorial Reviews Review

TCP/IP packet handling may seem crystal clear when you first hear about it, but after you've configured your Ethernet card's netmask address, the details become rather vague. You might find yourself asking--if you were a Danish prince--"What is a packet, if its chief good and market of its time be but to route and wrap?" If routing and wrapping were all packets did, we would all enjoy our ignorance blissfully. But packets--like men, as the prince learned--can be hollow carriers of ill will, and excluding the bad ones requires us to understand what they really truly are. At last.

Just how interesting packets turn out to be is revealed in Linux Firewalls, Robert L. Zeigler's sober, agile, and subtle text. Narrowing consideration to threats faced by small networks from external sources, Zeigler and his editors introduce security by delivering prerequisite tutorials on packet architecture and normal network-based client/server daemon-to-daemon communications. Nonthreatening daemon-to-daemon communication is part of the regular operation of a networked POSIX-compliant operating system (like Linux or Windows NT), but the incessant background chatter makes finding hostile intrusions a search for sometimes subtle irregularities in a high throughput environment.

In fact, bombardment of networks with useless packets can create diversions for more pernicious attacks. Distinguishing the good packets from the potentially hostile or merely useless packets requires levels of filtering criteria that depend on the specifics of the network environment. Zeigler sorts out all of these issues and outlines practical network administration strategies for packet filtering.

Linux Firewalls is a how-to for the home Linux box, including the creating and debugging firewall rules for home LANs and network interfaces. For larger LAN users, Zeigler describes intrusion logging; configurations based on varying levels of trust; and the how, why, and when of reporting intrusions to network authorities.

In the wrong hands, firewall reports are either hyped-up cloak-and-dagger sensationalism or monotonous treatises in bitwise accounting. Zeigler strikes a middle ground with a book fit for members of the Linux community who are curious about what is happening over their TCP/IP connections. These are folks who have the prowess to build kernel releases on their own but who aren't necessarily wonks at developing kernel or device driver sources. --Peter Leopold --This text refers to an out of print or unavailable edition of this title.

From the Publisher

An Internet-connected Linux machine is in a high-risk situation. This book details security steps that a home or small-to-mid-size, non-enterprise business might take to protect itself from potential remote attackers. As with the first edition, this book will provide a description of the need for security measures and solutions built upon the most up-to-date technology available. What's new in the Second Edition? Besides updating the content to cover the 2.4 kernel, additional chapters on VPNs, SSH, and Tripwire have been added. --This text refers to an out of print or unavailable edition of this title.

Shop the New Digital Design Bookstore
Check out the Digital Design Bookstore, a new hub for photographers, art directors, illustrators, web developers, and other creative individuals to find highly rated and highly relevant career resources. Shop books on web development and graphic design, or check out blog posts by authors and thought-leaders in the design industry. Shop now

Product Details

  • Paperback: 552 pages
  • Publisher: Novell Press; 3 edition (September 24, 2005)
  • Language: English
  • ISBN-10: 0672327716
  • ISBN-13: 978-0672327711
  • Product Dimensions: 7 x 1.3 x 9 inches
  • Shipping Weight: 1.9 pounds (View shipping rates and policies)
  • Average Customer Review: 4.4 out of 5 stars  See all reviews (41 customer reviews)
  • Amazon Best Sellers Rank: #775,549 in Books (See Top 100 in Books)

More About the Authors

Discover books, learn about writers, read author blogs, and more.

Customer Reviews

This book, unlike some, is well laid out and easy on the eye.
Mr C
It just shows you how to do various things, and gives you the information you need to be able to go from there.
Andrew Barber
I wish half of my technical books were as good a value as this one.

Most Helpful Customer Reviews

18 of 18 people found the following review helpful By Dean K. Gibson on April 26, 2000
Format: Paperback
Good points:
* Lots of details about how to set up packet filtering in Linux.
* Good reference material about various ports & services.
Bad points:
* The command lines in his "rc.firewall" scripts are long and thus wrap when printed in the book, making the scripts VERY difficult to read. A smaller, fixed-pitch font for the scripts, and good use of column alignment would have helped tremendously.
* Scant discussion of the "hosts.allow" and "hosts.deny" files, or of TCP/IP wrappers and inetd. Both are an essential part of Linux firewalls.
* The overall organization of the book is good, but some of the detail in the chapters is not well organized. Since he protects against invalid packets going OUT as well as coming IN, there's a lot of detail that many people will not want. That detail tends to obscure the WHY of what he's doing.
* In the appendix, he lists in exhaustive detail all his firewall rules, and then lists them AGAIN in a "better" order. Yes, the second order is better for BOTH efficiency and understanding, so why provide the first list? Actually, there are SIX complete lists in the appendix: three for ipchains, and another three lists for ipfwadm), but that's another story ...
All in all, a good book in spite of the above. There are a few typos, but once you understand what he's doing, the typos are obvious.
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
24 of 26 people found the following review helpful By Shaun T. Erickson on December 13, 1999
Format: Paperback
As a System Administrator who is trying to add new skills to his resume, and a home cablemodem user who wants to protect his private network from hackers on the Internet, I have found Mr. Ziegler's book, "Linux Firewalls", to be excellent, as I have also found his website to be. I read his book, cover to cover, within 24 hours of it's purchase (no small feat). Most informative!
It takes an honored place on my bookshelf, next to my other firewall bibles (Chapman & Zwicky's "Building Internet Firewalls" and Cheswick & Bellovin's "Firewalls and Internet Security : Repelling the Wily Hacker").
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
32 of 36 people found the following review helpful By Phil Lavigna on December 4, 1999
Format: Paperback
This author has been providing a great service to the Linux community with his Firewall Design Tool... I've used it to configure several firewalls with outstanding results (from portscans). I also purchased this book even though I never put the two names together until I saw an ad linking the two. Linux Firewalls isn't one of those books you read by the fireplace, but it's full of specific solutions to specific issues that all networks face. I appreciate the author's knowledge and recommend his website and book to Linux users.
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
14 of 14 people found the following review helpful By Michael Hurley on October 24, 2005
Format: Paperback
If you are a system or network administrator, then you're concerned about security. If you're concerned about security, then you will want a copy of "Linux Firewalls" handy. In spite of its title, "Linux Firewalls" is about more than just firewalling.

After introductory material about firewalls, and how packet-filtering firewalls work, Suehring and Ziegler dive into creating firewalls with iptables: Enabling services, blocking attacks, optimizing firewall rules, etc. They spend a decent amount of time looking at forwarding and NAT. They demonstrate some possible network setups of varying complexity, and show how to write iptables rules for those environments. The remaining third of the book explores other security tools, such as TCPDump, Snort, and AIDE. Kernel "enhancements" SELinux and GrSecurity are discussed briefly. If that sounds like a lot of material to cover, it is. The book weighs in at over 500 pages, but it's laid out such that it's pretty easy to get to the information you need quickly. The authors have done a good job presenting such a large amount of material in a clear, easy-to-grasp fashion. Also, the book includes links to further resources in highlighted boxes is the text, and collected in an appendix, if you need to go into greater depth on a particular topic.

The book is full of useful tips. For example,in the discussion of the LOG target, they explain the technique for extracting the iptables messages from the noise in /var/log/messages and directing them to their own log. This is a question that comes up repeatedly on the iptables mailing list. The trick is to use the "--log-level" switch and configure syslog to write items that come through with the specified log-level to a seperate log.
Read more ›
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
18 of 19 people found the following review helpful By "jb4mt" on December 16, 2000
Format: Paperback
If you are responsible for a small Linux network, whether it be at home or work, with an always-on high-speed Internet connection, and you are not already a firewall expert, this is the first book you should read. Mr Ziegler starts off by explaining the "why's" (theory) and then proceeds to demonstrate the "how's" (practice): all in a common-sense and easily understood manner.
The author's website contains an additional wealth of information for the amateur Linux network administrator. As mentioned in another review there is a script on the site that will walk the user through some questions and create a firewall script based on the answers. The website is not mentioned very prominently in the book however; just inside the outer front cover at the very lower left.
A couple of other MINOR shortcomings: Maggiano's "CGI programming with Tcl" provides a better first-chapter introduction to internet communication protocols and concepts such as the "three-way handshake". Having read that previously helped me breeze through Chapter 1 of Linux Firewalls with NO questions, which may not be the case for other readers (I am perhaps additionally better prepared in that I am a professional web developer).
Additionally, Ziegler makes no mention of the "ntsysv" utility, which allows the user to simply add or remove services to be started up upon booting, through a MENU interface, instead of having to manually edit scripts. This utility is incorporated into the installation routines of a couple of versions of Red Hat with which I am familiar (5.2/6.0), but NOT Mandrake, which is based on Red Hat. It was through Kabir's excellent "Red Hat Linux Administrator's Handbook" that I learned of the ntsysv utility and have begun using it after installation.
Regardless, this book of Ziegler's is destined for a classic. I have over 100 computer books: if I had to get rid of all but five, this one would be a keeper.
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again

Most Recent Customer Reviews

What Other Items Do Customers Buy After Viewing This Item?

Frequently Bought Together

Linux Firewalls (3rd Edition) + Linux iptables Pocket Reference + Linux Firewalls: Attack Detection and Response with iptables, psad, and fwsnort
Price for all three: $78.45

Buy the selected items together