Linux Firewalls: Attack Detection and Response

Make no mistake, this book is on what it says it's about "Attack Detection and Response with iptables, psad, and fwsnort" it contains very little information about setting up iptables to block unwanted external traffic. HOWEVER setting up iptables (in the basic sense) doesn't require an entire book. Sure there are whole books on that topic but there is no need for a 300 page book on it, that just seems to be the size computer books have to be in order to get published. Which means other books on iptables are probably going to about 250 pages of fluff. Incidentally this book actually only spends about the first 35 pages describing that, the remainder is fantastic, useful, well written information about doing the things that make iptables truly useful. "detection and response" ACTIVELY securing your system. In addition to being comprehensive and useful this book happens to be well written, far better than most technical books. If you're thinking about buying a book on Linux firewalls, make it this one, but if you're not already familiar with iptables expect to read the first 35 pages, then a couple online tutorials and then come back to this book.

Who needs a specialist distro or Vyatta? Get this book and you'll be up and running in no time. I thought the content was presented in a logical manner, concise, clear and very informative. From IPTables novice to expert, there is a lot of good information in this book. If you want to understand the inner-workings of firewall based distros or products like Vyatta - or Brocade, whatever they call themselves these days - this is a good start. It introduces IPS/IDS basics, how to configure adaptive firewalls, and following the examples you will have the ability to set up a good, secure firewall in no time. I certainly recommend this book to anyone looking to get into the security field as well.

Information can be found Online, but the book is an easy reference, and brings the Linux firewalls all together as a guide to the various firewalls.

As of 2023, this book is outdated. Instead of iptables the Linux community has moved on to nftables. It's time to update this book.

There are lots of great examples in this book. I like the logging coverage. I've tuned my logging to make it easy to find unauthorized attempts.

A solid approach to protect your Linux or Network devices from intruders. I would recommend it for everyone who is serious about protecting their Network.

As another reviewer mentioned, this book is terribly outdated. Coming from 2007, it predates many modern firewall innovations on Linux such as nftables, and BPF. Even 'modern' tooling extensions like ipsets are completely missing here. It refers to snort throughout the book, because suricata wasn't a thing until a few years after it was written. While a lot of things are directly transferrable between the two tools, you'd be better served reading the man pages or online documentation. The high-level concepts are still interesting to read, but trying to get anything useful out of this book might be a challenge for someone new to Linux, or networking in general. Even things like the visualizing the output of psad, using hand-crafted perl scripts to generate gnuplot graphs seems anachronistic. There's an innordinate amount of effort spent in the book trying to make iptables do things that are better done in other tools. An example being reimplementing snort rules as iptables rules), or implementing a poor mans IDS doing string matches on packets in iptables. Don't pay more than a few dollars for a used copy, this book serves as nothing more than a historical artifact at this point.

A must have! There are not so many books on Linux Firewalls!

A la recherche d'un outil de détection d'intrusion léger, j'ai finalement installé PSAD. C'est comme ca que je suis arrivé à ce livre. M.RASH est une référence dans le domaine de la sécurité et du filtrage de paquets en particulier. Le livre est excessivement bien fait, avance progressivement en partant d'une configuration de parefeu simple pour aller vers l'inspection de niveau applicatif, en expliquant clairement chaque étape. Sans être expert en système, il faut un peu deconnaissance sur le fonctionnement des parefeu et de Linux pour appécier ce livre. Avec ce livre, vous allez (re)découvrir la puissance de netfilter !

Il libro spiega come configurare correttamente le iptables, facendo degli esempi pratici in un'architettura di rete composta da più host. Dà per scontato che voi sappiate quali siano i parametri delle iptables: -j, -A, ecc... ma li imparate in 2 secondi cercandoli su google o leggendo l'help ("iptables --help"). Nel tempo il linguaggio delle iptables è un po' cambiato rispetto al 2007, tutti gli esempi che presentano "-m state --state" andranno tradotti in "-m conntrack --ctstate". Nel sito del libro potete comunque osservare gli esempi aggiornati: cipherdyne.org/LinuxFirewalls Davvero ben fatto, consigliato.

O livro é bom em todos os aspectos, o autor sabe transpassar todo seu conhecimento e genialidade mostrando algumas de suas obras de arte da verdadeira pesquisa científica com fwsnort e psad. Conteúdo bem denso, já li 2 vezes... estou utilizando-o como a principal referência para meu TCC. Recomendo à todos, uma ótima leitura.

excellent

This book doesn't really provide much of an insight into the concepts of Linux firewalls, although Figure 1-1 is helpful.