Linux Firewalls: Attack Detection and Response with iptables, psad, and fwsnort

  Author:    Michael Rash
  ISBN:    1593271417
  Sales Rank:    82992
  Published:    2007-09-15
  Publisher:    No Starch Press
  # Pages:    352
  Binding:    Paperback
  Avg. Rating:    5.0 based on 9 reviews
  Used Offers:    6 from $30.97
  Amazon Price:    $42.15
  (Data above last updated:  2008-11-18 08:40:44 EST)
  
  
  
Linux firewalls provide capabilities that rival commercial firewalls, and are built upon the powerful Netfilter infrastructure in the Linux kernel. Linux Firewalls: Attack Detection and Response explores using Netfilter as an intrusion detection system (IDS) by combining it with Snort rulesets and custom open source software created by the author. Providing concrete examples to illustrate concepts, the book discusses Linux firewall log analysis and policies, passive network authentication and authorization, exploit packet traces and Snort ruleset emulation, and more. Perl and C code snippets are included to help readers maximize the deployment of Linux firewalls as effective mechanisms for the detection and prevention of various network-based attacks.
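The firewall log analysis the description refers to, as an added example written for this page (it is not code from the book and not psad itself): a parser for the kernel's netfilter LOG lines that flags sources sweeping many ports inside a time window, or sending TCP packets with illegal flag combinations, which is the kind of thing psad extracts from /var/log/messages. The sample lines are constructed in the LOG format (with a "DROP" prefix), and the port threshold, the window and the 1..5 danger scale are this example's assumptions rather than psad's settings.

```python
import re
from collections import defaultdict
from datetime import datetime

# Fields we care about in a netfilter LOG line (written by the kernel to syslog).
FIELD_RE = re.compile(r"\b(SRC|DST|PROTO|SPT|DPT)=(\S*)")
# The tokens between RES=0x.. and URGP= are the set TCP flags, e.g. "SYN",
# "URG PSH FIN" for an XMAS probe, or nothing at all for a NULL probe.
FLAGS_RE = re.compile(r"RES=0x[0-9a-fA-F]+\s*(.*?)\s*URGP=")
TS_RE = re.compile(r"^([A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2})")


def parse_line(line):
    """Return the interesting fields of one LOG line, or None for any other syslog line."""
    if "kernel:" not in line or "PROTO=" not in line:
        return None
    m = TS_RE.match(line)
    fields = dict(FIELD_RE.findall(line))
    if m is None or "SRC" not in fields:
        return None
    flags = set()
    if fields.get("PROTO") == "TCP":
        fm = FLAGS_RE.search(line)
        if fm:
            flags = set(fm.group(1).split())
    return {
        "ts": datetime.strptime(m.group(1), "%b %d %H:%M:%S"),  # syslog carries no year
        "src": fields["SRC"],
        "proto": fields.get("PROTO"),
        "dpt": int(fields["DPT"]) if fields.get("DPT") else None,
        "flags": flags,
    }


def classify_flags(flags):
    """Name the classic nmap probe types by their TCP flag set."""
    if not flags:
        return "NULL"
    if flags == {"URG", "PSH", "FIN"}:
        return "XMAS"
    if flags == {"FIN"}:
        return "FIN"
    if {"SYN", "FIN"} <= flags:
        return "SYN/FIN"
    return "SYN" if flags == {"SYN"} else "OTHER"


def danger_level(distinct_ports, bad_flags):
    """Crude 1..5 severity; the thresholds are this example's assumption, not psad's."""
    level = 1 + sum(distinct_ports >= t for t in (5, 10, 50))
    return min(5, level + 1) if bad_flags else level


def detect_scans(lines, port_threshold=5, window_seconds=60):
    """Flag sources that hit many distinct ports inside a sliding time window,
    or that send TCP packets with illegal flag combinations."""
    by_src = defaultdict(list)
    for line in lines:
        pkt = parse_line(line)
        if pkt:
            by_src[pkt["src"]].append(pkt)
    alerts = {}
    for src, pkts in by_src.items():
        pkts.sort(key=lambda p: p["ts"])
        most_ports, start = 0, 0
        for i, p in enumerate(pkts):
            while (p["ts"] - pkts[start]["ts"]).total_seconds() > window_seconds:
                start += 1
            ports = {q["dpt"] for q in pkts[start:i + 1] if q["dpt"] is not None}
            most_ports = max(most_ports, len(ports))
        bad = {classify_flags(p["flags"]) for p in pkts if p["proto"] == "TCP"}
        bad &= {"NULL", "XMAS", "FIN", "SYN/FIN"}
        reasons = []
        if most_ports >= port_threshold:
            reasons.append("portscan:%d ports" % most_ports)
        reasons += ["flags:" + b for b in sorted(bad)]
        if reasons:
            alerts[src] = {"reasons": reasons, "danger": danger_level(most_ports, bool(bad))}
    return alerts


def _log(ts, src, dpt, flags="SYN"):
    # Constructed sample line in the kernel's LOG format; MAC and IP ID are dummies.
    return (f"Nov 18 {ts} gw kernel: DROP IN=eth0 OUT= "
            f"MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC={src} DST=192.0.2.10 "
            f"LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=9 PROTO=TCP SPT=44231 DPT={dpt} "
            f"WINDOW=1024 RES=0x00 {flags} URGP=0")


SCAN_PORTS = [21, 22, 23, 25, 80, 110, 143, 443, 3306, 8080]
SAMPLE_LOG = (
    [_log(f"08:40:{44 + i}", "203.0.113.5", port) for i, port in enumerate(SCAN_PORTS)]  # SYN sweep
    + [_log("08:41:10", "198.51.100.7", 22, flags="URG PSH FIN"),   # XMAS probe
       _log("08:41:11", "198.51.100.7", 22, flags=""),              # NULL probe
       _log("08:41:30", "192.0.2.50", 80),                          # ordinary client, two ports
       _log("08:41:31", "192.0.2.50", 443),
       "Nov 18 08:41:40 gw sshd[2210]: Accepted publickey for admin from 192.0.2.50 port 51022 ssh2"]
)

if __name__ == "__main__":
    for src, a in sorted(detect_scans(SAMPLE_LOG).items()):
        print(f"{src}: danger {a['danger']} ({', '.join(a['reasons'])})")
```

Two things a practitioner should check before trusting output like this: the LOG rules must actually cover the traffic you care about (a default-drop policy without a matching LOG rule produces no lines at all), and the syslog timestamp has no year, so a window that straddles New Year needs the real receive time rather than the text in the line.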
01-11-08 | Rating: 5/5 | Helpful votes: 2 of 2
EXCELLENT on what it's on, but it may not be on what you think.
Make no mistake, this book is on what it says it's about, "Attack Detection and Response with iptables, psad, and fwsnort"; it contains very little information about setting up iptables to block unwanted external traffic.

HOWEVER, setting up iptables (in the basic sense) doesn't require an entire book. Sure, there are whole books on that topic, but there is no need for a 300-page book on it; that just seems to be the size computer books have to be in order to get published. Which means other books on iptables are probably going to be about 250 pages of fluff.

Incidentally, this book actually only spends about the first 35 pages describing that; the remainder is fantastic, useful, well-written information about doing the things that make iptables truly useful: "detection and response", ACTIVELY securing your system.

In addition to being comprehensive and useful this book happens to be well written, far better than most technical books.

If you're thinking about buying a book on Linux firewalls, make it this one, but if you're not already familiar with iptables expect to read the first 35 pages, then a couple online tutorials and then come back to this book.
01-06-08 | Rating: 5/5 | Helpful votes: n/a
The result is a fine pick for any programmer's library.
Libraries catering to system administrators will find LINUX FIREWALLS an essential acquisition, discussing the technical aspects of the iptables firewall and Netfilter built into the Linux application. Examples of firewall log analysis, policies, network authorization processes and more complement chapters that include Perl and C code pieces to help keep a network secure. The result is a fine pick for any programmer's library.
12-21-07 | Rating: 5/5 | Helpful votes: 2 of 2
One of the best technical books published in 2007
Disclaimer: I wrote the foreword for this book, so obviously I am biased. However, I am not financially compensated for this book's success.

In the foreword I note that Linux Firewalls is a "great book." As a FreeBSD user, Linux Firewalls is good enough to make me consider using Linux in certain circumstances! Mike's book is exceptionally clear, organized, concise, and actionable. You should be able to read it and implement everything you find by following his examples. You will not only learn tools and techniques, but you will be able to appreciate Mike's keen defensive insights.

The majority of the world's digital security professionals focus on defense, because offense is left to the bad guys, police, and military. I welcome books like Linux Firewalls that bring real defensive tools and techniques to the masses in a form that can be digested and deployed for minimum cost and effort.

One of the main reasons Linux Firewalls is a great book is that Mike Rash is an excellent writer. I've read (or tried to read) plenty of books that seemed to offer helpful content, but the author had no clue how to deliver that content in a readable manner. Linux Firewalls makes learning network security an enjoyable experience. Mike is exceptionally detail-oriented (see the RST vs RST ACK issue on p 63 and elsewhere) and he often cites sources and additional references. Linux Firewalls very nicely integrates sample network traffic to make numerous points; Ch 11 has several great examples. The sections on Fwsnort even improved my understanding of Snort itself.

The bottom line is that if you are a user of non-Microsoft operating systems (Linux, BSD, etc.) and you want to know how Linux can help defend your network, you will enjoy reading Linux Firewalls.
12-05-07 | Rating: 5/5 | Helpful votes: 2 of 2
Nice, accurate and interesting. Not like other books about firewalls.
When I bought "Linux Firewalls" I was expecting a good book because I already knew that the work of Michael Rash is excellent. However, I expected the traditional Iptables handbook that looks more like a "man page". Surprisingly I found that the book was much better than that. Instead of detailing every single feature of the Iptables infrastructure, Michael Rash explains how Iptables can be used as a powerful (and free) Intrusion Detection/Prevention System. To achieve that, Rash presents three open source tools developed by himself: psad, an iptables-based port scan detector, fwsnort, a tool that translates snort rules into iptables sentences, and fwknop, a Port Knocking and SPA authentication system.

The book is very practical. It's amazing how everything is presented so clearly and with such useful examples. The author first introduces the potential threats that are associated with the Network Layer, Transport Layer and Application Layer (I loved those chapters). Then he starts discussing the detection of malicious attackers that try to break into the system. Finally he presents active response mechanisms against attackers and ways to secure the whole system with additional layers of security.

The book is great if what you want is to secure your Linux system using IPtables and the open source tools developed by Rash. Rash is an expert on firewalls and intrusion detection systems. If you follow his suggestions you'll build a very secure system. Firewall enthusiasts and TCP/IP fans will also enjoy reading the book because it's written by a geek and it's written for geeks. However, if you are looking for an Iptables handbook, you are looking for a theoretical book about firewalls, or you want to use other tools than the ones presented in the book, then "Linux Firewalls" may not be the best option for you.
11-20-07 | Rating: 5/5 | Helpful votes: n/a
VERY VERY HIGHLY RECOMMENDED!!
Do you have any familiarity with TCP/IP networking concepts and Linux system administration? If you do, then this book is for you. Author Michael Rash has done an outstanding job of writing a book that concentrates on network attacks: detecting them and responding to them.

Rash begins with an introduction to packet filtering with iptables, including kernel build specifics and iptables administration. Then, the author shows the types of attacks that exist in the network layer and what you can do about them. Next, he illustrates classes of application layer attacks that iptables can be made to detect, and introduces you to the iptables string match extension. The author also discusses installation and configuration of psad, and shows you why it is important to listen to the stories that iptables logs have to tell. He continues by introducing you to advanced psad functionality, including integrated passive OS fingerprinting, Snort signature detection via packet headers, verbose status information, and DShield reporting. Then, the author discusses the culmination of the attack detection and mitigation strategies that are possible with iptables. Next, he compares and contrasts two passive authorization mechanisms: port knocking and SPA. The author continues by showing you how to install and make use of fwknop together with iptables to maintain a default-drop stance against all unauthenticated and unauthorized attempts to connect to your SSH daemon. Finally, the author wraps up with some graphical representations of iptables log data.

This most excellent book takes a highly applied approach. In other words, after reading this book, you will be armed with a strong working knowledge of how network attacks are detected and dealt with via iptables.
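The chapter summary above mentions the iptables string match extension and the Snort signature detection that fwsnort automates by rewriting Snort rules as iptables rules. The translator below is an added example written for this page, not fwsnort's code and not code from the book: it handles a small subset of Snort's rule language (header, content/nocase, flow:established, msg, sid) and emits `-m string` rules, logging first and then dropping or rejecting when the Snort action asks for it. The variable bindings, the handled option subset and the two sample rules are assumptions; sids 9000001 and 9000002 are in the local-rule range and are not real Snort signatures.

```python
import re
import shlex

# Snort variables resolved to concrete values (assumed for this example).
VARS = {
    "$HOME_NET": "192.0.2.0/24",
    "$EXTERNAL_NET": "!192.0.2.0/24",
    "$HTTP_PORTS": "80",
}

# Rule header: action proto src sport -> dst dport (options)
HEADER_RE = re.compile(
    r"^(?P<action>alert|log|drop|reject)\s+(?P<proto>tcp|udp|icmp)\s+"
    r"(?P<src>\S+)\s+(?P<sport>\S+)\s+->\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*"
    r"\((?P<opts>.*)\)\s*$")


def split_options(text):
    """Split the '(...)' body on ';' outside double quotes (content strings may contain ';')."""
    out, cur, in_quotes = [], [], False
    for ch in text:
        if ch == '"':
            in_quotes = not in_quotes
        if ch == ";" and not in_quotes:
            if "".join(cur).strip():
                out.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    if "".join(cur).strip():
        out.append("".join(cur).strip())
    return out


def parse_snort_rule(rule):
    """Return the header fields plus an ordered list of (option, value) pairs."""
    m = HEADER_RE.match(rule.strip())
    if m is None:
        raise ValueError("unsupported rule header: " + rule)
    r = m.groupdict()
    r["options"] = []
    for opt in split_options(r.pop("opts")):
        name, _, value = opt.partition(":")
        r["options"].append((name.strip(), value.strip().strip('"')))
    return r


def _addr_args(flag, value):
    value = VARS.get(value, value)
    if value == "any":
        return []
    if value.startswith("!"):          # Snort negation becomes iptables' "! -s addr"
        return ["!", flag, value[1:]]
    return [flag, value]


def _port_args(flag, value):
    value = VARS.get(value, value)     # Snort's low:high range syntax is also iptables' syntax
    return [] if value == "any" else [flag, value]


def to_iptables_argv(rule, chain="INPUT"):
    """Return one argv list per iptables rule: a LOG rule, then DROP/REJECT for drop/reject actions."""
    r = parse_snort_rule(rule)
    match = ["-p", r["proto"]] + _addr_args("-s", r["src"]) + _addr_args("-d", r["dst"])
    if r["proto"] in ("tcp", "udp"):
        match += _port_args("--sport", r["sport"]) + _port_args("--dport", r["dport"])
    sid = msg = None
    contents = []                      # [pattern, nocase] in rule order
    for name, value in r["options"]:
        if name == "content":
            contents.append([value, False])
        elif name == "nocase" and contents:
            contents[-1][1] = True     # nocase modifies the preceding content
        elif name == "flow" and "established" in value:
            match += ["-m", "conntrack", "--ctstate", "ESTABLISHED"]
        elif name == "sid":
            sid = value
        elif name == "msg":
            msg = value
        # pcre, byte_test, depth/offset etc. have no string-match equivalent and are ignored here
    for pattern, nocase in contents:
        opt = "--hex-string" if "|" in pattern else "--string"   # |90 90| style hex bytes
        match += ["-m", "string", "--algo", "bm", opt, pattern]
        if nocase:
            match.append("--icase")
    if msg:
        match += ["-m", "comment", "--comment", msg]
    rules = [["iptables", "-A", chain] + match
             + ["-j", "LOG", "--log-prefix", "[SID %s] " % (sid or "none")]]
    if r["action"] in ("drop", "reject"):
        rules.append(["iptables", "-A", chain] + match
                     + ["-j", "DROP" if r["action"] == "drop" else "REJECT"])
    return rules


def to_iptables(rule, chain="INPUT"):
    """Shell-quoted command lines for the rules produced by to_iptables_argv."""
    return [shlex.join(argv) for argv in to_iptables_argv(rule, chain)]


# Constructed sample rules in Snort syntax (local-range sids, not real signatures).
SAMPLE_RULES = [
    'alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"WEB-MISC /etc/passwd access"; '
    'flow:to_server,established; content:"/etc/passwd"; nocase; sid:9000001; rev:1;)',
    'drop tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"FTP SITE EXEC attempt"; '
    'content:"SITE EXEC"; sid:9000002; rev:1;)',
]

if __name__ == "__main__":
    for rule in SAMPLE_RULES:
        print("\n".join(to_iptables(rule)))
```

The caveat that matters in practice: `-m string` inspects one packet at a time with no stream reassembly, so a pattern split across two TCP segments is not matched, and the LOG target truncates `--log-prefix` to 29 characters, so keep the prefix short and put the full message in the `-m comment` match instead.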
11-02-07 | Rating: 5/5 | Helpful votes: 1 of 1
A bit techy but good book
Watch the video here: http://www.amazon.com/review/R26NFLQZ9DTFJI Not for beginners; you need some tech background to get much out of this.

( Full text review at http://aplawrence.com/6004 )
11-01-07 | Rating: 5/5 | Helpful votes: n/a
Ready to Increase Your Personal Computing Security at LOW Cost?
If so, this gem will walk you through the process of implementing three low-footprint applications which will create an additional ring of security, decreasing an attacker's chances of penetrating through your online connection.

Although this is written for network security professionals, the average Linux user can take this information and apply it to their desktop (Ubuntu, Debian, Red Hat, Gentoo, SUSE, etc.). The book is full of information, examples, and testing procedures.

If you are looking to build a personal security "toolbox" for Linux, then I recommend you consider this book. And for those of you that use ulog with iptables, don't forget to modify ULOG_DATA_FILE to /var/log/ulog/syslogemu.log.
10-15-07 | Rating: 5/5 | Helpful votes: n/a
A great book
I have been looking forward to getting this book into my hands, since the other projects Michael Rash has led so far look quite impressive to me. Looking at his website [...], I discovered Single Packet Authorization (SPA) with fwknop, and therefore put port knocking aside, to give us a more secure and more reliable solution to access services such as SSH. He covers this point (SPA), and talks about psad and fwsnort as well to show how to enhance security and understand attacks using the famous iptables project from Netfilter.

It is not a cookbook to build iptables rules from scratch and make something quite static; this book gives you the abilities to create something dynamic and strong, and helps you to monitor intrusions, since the outside does not lack imagination.

Throughout this book, we follow a logic which leads us through the OSI reference model layers and M. Rash's projects to help us harden our security system. I have been surprised at how well everything is explained and documented. Thus, this book provides us with technical explanations and references, code snippets, attack descriptions, and useful links on related topics. You will find in this book the answer on how to use active responses to attacks, how to gather data and get a visual representation of an attack... as a matter of fact, everything you need or wanted to know.

That's a great book.

F. Joncourt
Hardware/Software Engineer
10-08-07 | Rating: 5/5 | Helpful votes: n/a
An obligatory reference for everyone involved with firewalls.
This is one of the best books written on its subject, one that every security professional should read and an obligatory reference for everyone involved with firewalls.

It describes the who, how and when of mitigating the main problems associated with host security. When the efforts made at the lower layers of the OSI model have been overwhelmed, tools like psad, fwsnort and iptables give us a simple, powerful and cost-effective resource to secure a critical service and harden a host exposed to the harshness of an ever more hostile environment.

This book is different from others on the same subject in its didactic effort, with clear examples tied to the common attack vectors that anyone immersed in the information security field must face every single day.

Carlos A. Ayala
Information Security Officer
Grupo Profuturo GNP