Linux Firewalls: Enhancing Security With Nftables And Beyond by Steve Suehring

Linux Firewalls: Enhancing Security With Nftables And Beyond

by Steve Suehring

Paperback | January 29, 2015



The Definitive Guide to Building Firewalls with Linux


As the security challenges facing Linux system and network administrators have grown, the security tools and techniques available to them have improved dramatically. In Linux® Firewalls, Fourth Edition, long-time Linux security expert Steve Suehring has revamped his definitive Linux firewall guide to cover the important advances in Linux security.


An indispensable working resource for every Linux administrator concerned with security, this guide presents comprehensive coverage of both iptables and nftables. Building on the solid networking and firewalling foundation in previous editions, it also adds coverage of modern tools and techniques for detecting exploits and intrusions, and much more.


Distribution neutral throughout, this edition is fully updated for today’s Linux kernels, and includes current code examples and support scripts for Red Hat/Fedora, Ubuntu, and Debian implementations. If you’re a Linux professional, it will help you establish an understanding of security for any Linux system, and for networks of all sizes, from home to enterprise.


Inside, you’ll find just what you need to

  • Install, configure, and update a Linux firewall running either iptables or nftables
  • Migrate to nftables, or take advantage of the latest iptables enhancements
  • Manage complex multiple firewall configurations
  • Create, debug, and optimize firewall rules
  • Use Samhain and other tools to protect filesystem integrity, monitor networks, and detect intrusions
  • Harden systems against port scanning and other attacks
  • Uncover exploits such as rootkits and backdoors with chkrootkit


Steve Suehring is a technology architect who consults and speaks on a wide variety of technology-related subjects. He has worked in Linux administration and security since 1995, and served as Linux Security editor for LinuxWorld magazine. His previous books include JavaScript Step by Step, Third Edition (Microsoft Press, 2013), and M...
Title: Linux Firewalls: Enhancing Security With Nftables And Beyond
Format: Paperback
Dimensions: 432 pages, 9.1 × 7 × 1.2 in
Published: January 29, 2015
Publisher: Pearson Education
Language: English

The following ISBNs are associated with this title:

ISBN-10: 0134000021

ISBN-13: 9780134000022


Table of Contents

Preface         xix

About the Author         xxi


Part I: Packet Filtering and Basic Security Measures 1

Chapter 1: Preliminary Concepts Underlying Packet-Filtering Firewalls         3

The OSI Networking Model   5

The Internet Protocol   7

Transport Mechanisms   14

Don’t Forget Address Resolution Protocol   17

Hostnames and IP Addresses   18

Routing: Getting a Packet from Here to There   19

Service Ports: The Door to the Programs on Your System   19

Summary   23


Chapter 2: Packet-Filtering Concepts         25

A Packet-Filtering Firewall   26

Choosing a Default Packet-Filtering Policy   29

Rejecting versus Denying a Packet   31

Filtering Incoming Packets   31

Filtering Outgoing Packets   46

Private versus Public Network Services   49

Summary   50


Chapter 3: iptables: The Legacy Linux Firewall Administration Program         51

Differences between IPFW and Netfilter Firewall Mechanisms   51

Basic iptables Syntax   54

iptables Features   55

iptables Syntax   61

Summary   82


Chapter 4: nftables: The Linux Firewall Administration Program         83

nftables Features   84

nftables Syntax   85

Summary   93


Chapter 5: Building and Installing a Standalone Firewall         95

The Linux Firewall Administration Programs   96

Initializing the Firewall   99

Protecting Services on Assigned Unprivileged Ports   112

Enabling Basic, Required Internet Services   117

Enabling Common TCP Services   122

Enabling Common UDP Services   134

Logging Dropped Incoming Packets   138

Logging Dropped Outgoing Packets   138

Installing the Firewall   139

Summary   141

Part II: Advanced Issues, Multiple Firewalls, and Perimeter Networks       143

Chapter 6: Firewall Optimization         145

Rule Organization   145

User-Defined Chains   148

Optimized Examples   151

What Did Optimization Buy?   176

Summary   177


Chapter 7: Packet Forwarding         179

The Limitations of a Standalone Firewall   179

Basic Gateway Firewall Setups   181

LAN Security Issues   182

Configuration Options for a Trusted Home LAN   183

Configuration Options for a Larger or Less Trusted LAN   188

Summary   195


Chapter 8: NAT: Network Address Translation         197

The Conceptual Background of NAT   197

NAT Semantics with iptables and nftables   201

Examples of SNAT and Private LANs   206

Examples of DNAT, LANs, and Proxies   209

Summary   210


Chapter 9: Debugging the Firewall Rules          211

General Firewall Development Tips   211

Listing the Firewall Rules   213

Interpreting the System Logs   217

Checking for Open Ports   223

Summary   227


Chapter 10: Virtual Private Networks         229

Overview of Virtual Private Networks   229

VPN Protocols   229

Linux and VPN Products   232

VPN and Firewalls   233

Summary   234


Part III: Beyond iptables and nftables          235

Chapter 11: Intrusion Detection and Response         237

Detecting Intrusions   237

Symptoms Suggesting That the System Might Be Compromised   238

What to Do If Your System Is Compromised   241

Incident Reporting   243

Summary   247


Chapter 12: Intrusion Detection Tools         249

Intrusion Detection Toolkit: Network Tools   249

Rootkit Checkers   251

Filesystem Integrity   255

Log Monitoring   256

How to Not Become Compromised   257

Summary   261


Chapter 13: Network Monitoring and Attack Detection         263

Listening to the Ether   263

TCPDump: A Simple Overview   265

Using TCPDump to Capture Specific Protocols   272

Automated Intrusion Monitoring with Snort   286

Monitoring with ARPWatch   291

Summary   293


Chapter 14: Filesystem Integrity         295

Filesystem Integrity Defined   295

Installing AIDE   296

Configuring AIDE   297

Monitoring AIDE for Bad Things   301

Cleaning Up the AIDE Database   302

Changing the Output of the AIDE Report   303

Defining Macros in AIDE   306

The Types of AIDE Checks   307

Summary   310


Part IV: Appendices         311

Appendix A: Security Resources         313

Security Information Sources   313

Reference Papers and FAQs   314


Appendix B: Firewall Examples and Support Scripts         315

iptables Firewall for a Standalone System from Chapter 5    315

nftables Firewall for a Standalone System from Chapter 5    328

Optimized iptables Firewall from Chapter 6   332

nftables Firewall from Chapter 6    345


Appendix C: Glossary         351


Appendix D: GNU Free Documentation License         363

0. Preamble   363

1. Applicability and Definitions   363

2. Verbatim Copying   365

3. Copying in Quantity   365

4. Modifications   366

5. Combining Documents   367

6. Collections of Documents   368

7. Aggregation with Independent Works   368

8. Translation   368

9. Termination   369

10. Future Revisions of this License   369

11. Relicensing   370


Index         371