Linux Firewalls (2nd Edition)
Book Details
Availability: Usually ships in 24 hoursList Price: $49.99
Our Price: $34.99
You Save: $15 (30%)
Spotlight Customer Reviews
Average Customer Rating: 4.26Customer Rating: 4
Summary: Obsession with details
Comment: Good points:
* Lots of details about how to set up packet filtering in Linux.
* Good reference material about various ports & services.
Bad points:
* The command lines in his "rc.firewall" scripts are long and thus wrap when printed in the book, making the scripts VERY difficult to read. A smaller, fixed-pitch font for the scripts, and good use of column alignment would have helped tremendously.
* Scant discussion of the "hosts.allow" and "hosts.deny" files, or of TCP/IP wrappers and inetd. Both are an essential part of Linux firewalls.
* The overall organization of the book is good, but some of the detail in the chapters is not well organized. Since he protects against invalid packets going OUT as well as coming IN, there's a lot of detail that many people will not want. That detail tends to obscure the WHY of what he's doing.
* In the appendix, he lists in exhaustive detail all his firewall rules, and then lists them AGAIN in a "better" order. Yes, the second order is better for BOTH efficiency and understanding, so why provide the first list? Actually, there are SIX complete lists in the appendix: three for ipchains, and another three lists for ipfwadm), but that's another story ...
All in all, a good book in spite of the above. There are a few typos, but once you understand what he's doing, the typos are obvious.
Customer Rating: 4
Summary: From Firewall Dummy to Firewall Wiz
Comment: Mr. Ziegler does an incredible job of explaining the fundamentals of TCP/IP and details the importance of firewalls for home, home office, and small businesses. The book is thorough and eloquent. I recommend this book to anyone who is interested in security on the Internet, especially using Linux to implement a home/home office/small business firewall with a cable modem or DSL connection.
Mr. Ziegler's website is a great companion to this book, it even builds a firewall script based on questions you answer.
I only wish Mr. Ziegler talked about the newer features of ipchains that are not available in ipfwadm.
Overall, the book can take you from Firewall Dummy to Firewall Wiz.
Customer Rating: 5
Summary: Very well researched, clear discussion
Comment: I have used ipfilter on FreeBSD for many years, and I'm now starting to deploy Linux. Ziegler presents an extremely well researched book. Particularly impressive is his discussion of the nastier protocols like DHCP and FTP. Getting ssh and smtp through a firewall is pretty simple, it's the tougher protocols that really require some thought, and it's clear he's done that.
Along with explaining the protocols, he explains how iptables works and how to apply the protocol knowledge to building iptables rules. The appendices where he assembles all of the rules together are worth the price of the book all by themselves.
I wish half of my technical books were as good a value as this one.