on April 26, 2000
* Lots of details about how to set up packet filtering in Linux.
* Good reference material about various ports & services.
* The command lines in his "rc.firewall" scripts are long and thus wrap when printed in the book, making the scripts VERY difficult to read. A smaller, fixed-pitch font for the scripts, and good use of column alignment would have helped tremendously.
* Scant discussion of the "hosts.allow" and "hosts.deny" files, or of TCP/IP wrappers and inetd. Both are an essential part of Linux firewalls.
* The overall organization of the book is good, but some of the detail in the chapters is not well organized. Since he protects against invalid packets going OUT as well as coming IN, there's a lot of detail that many people will not want. That detail tends to obscure the WHY of what he's doing.
* In the appendix, he lists in exhaustive detail all his firewall rules, and then lists them AGAIN in a "better" order. Yes, the second order is better for BOTH efficiency and understanding, so why provide the first list? Actually, there are SIX complete lists in the appendix: three for ipchains, and another three lists for ipfwadm), but that's another story ...
All in all, a good book in spite of the above. There are a few typos, but once you understand what he's doing, the typos are obvious.
on December 13, 1999
As a System Administrator who is trying to add new skills to his resume, and a home cablemodem user who wants to protect his private network from hackers on the Internet, I have found Mr. Ziegler's book, "Linux Firewalls", to be excellent, as I have also found his website to be. I read his book, cover to cover, within 24 hours of it's purchase (no small feat). Most informative!
It takes an honored place on my bookshelf, next to my other firewall bibles (Chapman & Zwicky's "Building Internet Firewalls" and Cheswick & Bellovin's "Firewalls and Internet Security : Repelling the Wily Hacker").
on December 4, 1999
This author has been providing a great service to the Linux community with his Firewall Design Tool... I've used it to configure several firewalls with outstanding results (from portscans). I also purchased this book even though I never put the two names together until I saw an ad linking the two. Linux Firewalls isn't one of those books you read by the fireplace, but it's full of specific solutions to specific issues that all networks face. I appreciate the author's knowledge and recommend his website and book to Linux users.
on May 11, 2000
I looked at both this book and the "Linux and OpenBSD Firewall" books before deciding on this one. This book does a much more exhaustive job of explaining how to build a linux firewall.
Going beyond just telling you "here's what you want your firewall script to look like" which is what I felt the other book did, this title explains why you shouldn't have certain daemons running on the firewall, what ports to block and the possible consequences and attack types that can come from not blocking a specific port. Amusingly enough, it even tells you the port to leave open if you plan on running a Quake server.
As pointed out below, the wrap around on some of the examples is annoying.
The book also is dedicated to handling the threat from the outside, it does not deal with the internel threat that any company needs to guard against, though it is pointed out in the very beginning that this book isn't designed to deal with internal threats, so I don't see this as a negative.
I found the book easy to read. There are some technical books you dread picking up since they are so stale, this fortunately I found not to be like that.
The entire book is dedicated to firewalls. Some firewall books I have seen a good chunk of the book is choosing hardware and how to install the OS. The author of this book intelligently reasoned that his readers already have Linux installed and want a book on firewalls, not a how to install the OS.
on December 16, 2000
If you are responsible for a small Linux network, whether it be at home or work, with an always-on high-speed Internet connection, and you are not already a firewall expert, this is the first book you should read. Mr Ziegler starts off by explaining the "why's" (theory) and then proceeds to demonstrate the "how's" (practice): all in a common-sense and easily understood manner.
The author's website contains an additional wealth of information for the amateur Linux network administrator. As mentioned in another review there is a script on the site that will walk the user through some questions and create a firewall script based on the answers. The website is not mentioned very prominently in the book however; just inside the outer front cover at the very lower left.
A couple of other MINOR shortcomings: Maggiano's "CGI programming with Tcl" provides a better first-chapter introduction to internet communication protocols and concepts such as the "three-way handshake". Having read that previously helped me breeze through Chapter 1 of Linux Firewalls with NO questions, which may not be the case for other readers (I am perhaps additionally better prepared in that I am a professional web developer).
Additionally, Ziegler makes no mention of the "ntsysv" utility, which allows the user to simply add or remove services to be started up upon booting, through a MENU interface, instead of having to manually edit scripts. This utility is incorporated into the installation routines of a couple of versions of Red Hat with which I am familiar (5.2/6.0), but NOT Mandrake, which is based on Red Hat. It was through Kabir's excellent "Red Hat Linux Administrator's Handbook" that I learned of the ntsysv utility and have begun using it after installation.
Regardless, this book of Ziegler's is destined for a classic. I have over 100 computer books: if I had to get rid of all but five, this one would be a keeper.
on October 24, 2005
If you are a system or network administrator, then you're concerned about security. If you're concerned about security, then you will want a copy of "Linux Firewalls" handy. In spite of its title, "Linux Firewalls" is about more than just firewalling.
After introductory material about firewalls, and how packet-filtering firewalls work, Suehring and Ziegler dive into creating firewalls with iptables: Enabling services, blocking attacks, optimizing firewall rules, etc. They spend a decent amount of time looking at forwarding and NAT. They demonstrate some possible network setups of varying complexity, and show how to write iptables rules for those environments. The remaining third of the book explores other security tools, such as TCPDump, Snort, and AIDE. Kernel "enhancements" SELinux and GrSecurity are discussed briefly. If that sounds like a lot of material to cover, it is. The book weighs in at over 500 pages, but it's laid out such that it's pretty easy to get to the information you need quickly. The authors have done a good job presenting such a large amount of material in a clear, easy-to-grasp fashion. Also, the book includes links to further resources in highlighted boxes is the text, and collected in an appendix, if you need to go into greater depth on a particular topic.
The book is full of useful tips. For example,in the discussion of the LOG target, they explain the technique for extracting the iptables messages from the noise in /var/log/messages and directing them to their own log. This is a question that comes up repeatedly on the iptables mailing list. The trick is to use the "--log-level" switch and configure syslog to write items that come through with the specified log-level to a seperate log. You still get the occasional false positive this way, but it sure beats slogging through all the noise in /var/log/messages.
I do have a couple of criticisms to make of the book. For example, to start the firewall at boot time, the authors recommend ieither using the "iptables save" function (Red Hat), or adding a line to rc.local. The problem with the former is that "iptables save" is, as the authors point out, not terribly reliable. Furthermore, if you're using a script to generate your firewall rules, then your rules are already saved. The problem with rc.local is that then the firewall will start after the network is up and services are listening. I prefer to write an init script and use the chkconfig utility (Red Hat/SuSE) to bring up the firewall rules before the network. The biggest omission from the book is any information on bridge firewalls. A bridge can be very useful for putting a transparent firewall onto your network. I am surprised that there is not even a mention of bridging, or ebtables (the userspace bridge tools), since bridging is now part of the standard kernel. Iptables can also be made to work with the bridge module. Pointing out this omission may not be a completely fair criticism: I have yet to see a firewall book that covers bridging with Linux and ebtables (or iptables).
Nonetheless, "Linux Firewalls" is a very nice addition to my library. This book will live either on my desk, or on any easily-accessed shelf nearby.
DISCLOSURE: The publisher sent me a copy of this book for review.
on May 9, 2003
I have used ipfilter on FreeBSD for many years, and I'm now starting to deploy Linux. Ziegler presents an extremely well researched book. Particularly impressive is his discussion of the nastier protocols like DHCP and FTP. Getting ssh and smtp through a firewall is pretty simple, it's the tougher protocols that really require some thought, and it's clear he's done that.
Along with explaining the protocols, he explains how iptables works and how to apply the protocol knowledge to building iptables rules. The appendices where he assembles all of the rules together are worth the price of the book all by themselves.
I wish half of my technical books were as good a value as this one.
This book was used as a reference and that appears mostly how it's written. It's the sort of book I want to have on my shelf so it's there when I need it. Once my firewalling was setup I'm not futzing with it, so that knowledge goes out of my head. The well organized Linux Firewalls book provides quick access to the information I need to get the firewalling task done and refresh my memory.
I've had this book for years. It got me started, and it's still there to support me when I have to dredge up that skill set quite a while since I last used it.
I'm sure a lot of the content in this book is available online and some will certainly be newer or have some more info. But I like having one place to go for what I need when I need it.
on January 1, 2000
This book is excellent for setting up a firewall under Linux; I'm sure a clueful newcomer like myself could get something working well with little difficulty.
However, I couldn't help but feel the book had a rushed-to-print feel to it. There are *many* typos and errors. Moreover the author repetitively lists every single command line for the different services and IP addresses being handled by the firewall, which along with over-tabulation of protocol information appears to be unnecessary padding to fill the book out. "And similary for the rest" would have been appropriate in many parts of the book.
on October 17, 2005
Don't be fooled by the Novell Press label, this book isn't about Novell firewalls - it's about Linux firewalls.
This isn't a general purpose security book, nor does it waste paper with lots of "filler" sections. If you're completely new to security, read this in conjunction with a general text on (Linux) security.
This book is about firewalls and their associated underlying theory. In fact, it's a well written, detailed book about Linux firewalls. Many such texts are quite dry. However, Steve Suehring has a much more readable, frank, down to earth and, yes, amusing, approach that I find very refreshing.
While it also introduces complimentary security systems, such as intrusion detection systems, it doesn't try to explain any of these extras in great depth. Nor should it. Instead, it provides enough information for the reader to assess the benefits and links to more detailed information.
Whilst content is important, I believe that presentation is too. This book, unlike some, is well laid out and easy on the eye. Personally, being extremely picky, I like to see a list of figures and tables, but that's just me :)
All in all, a good book.