Book Review: Linux Firewalls

[book cover]

I've been using Ziegler's Linux Firewalls (2nd Edition) to teach myself iptables syntax. I'm not sure that it's the best book for getting started building firewalls and routers, because it advocates really complicated rulesets.

[diagram: how packets flow through iptables]

There are some basic facts about the way iptables works that aren't explained well. One of them is the diagram on the left. Everyone always draws it funny. The way I draw it, all packets travel downward.

Compare the giant scripts in Ziegler to Rusty's Really Quick Guide To Packet Filtering.

When I was done configuring my router, I had a 61-line iptables script that blocked most ports and did SNAT and DNAT. I didn't feel the need to, for example, DROP packets on the OUTPUT chain.
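For readers who want to see what a ruleset of that shape looks like, here is an added example (my own, not the script from this post and not from Ziegler's book): a small stateful NAT router with default-deny INPUT and FORWARD, an open OUTPUT chain, SNAT for the LAN, and one DNAT port forward. The comments also mark where PREROUTING and POSTROUTING sit relative to the routing decision, which is the packet-flow point the diagram above is about. Interface names, addresses (documentation ranges) and the forwarded port are assumptions for illustration; the `IPT` and `SYSCTL` variables let you dry-run the script with `IPT=echo SYSCTL=echo` to inspect the generated rules before loading them as root.

```shell
#!/bin/sh
# Added example: minimal stateful NAT router ruleset (not the original post's script).
# Everything below the first comment block is an assumption for illustration.
IPT="${IPT:-iptables}"        # set IPT=echo to print rules instead of loading them
SYSCTL="${SYSCTL:-sysctl}"    # likewise for the forwarding toggle
WAN="${WAN:-eth0}"            # interface facing the ISP
LAN="${LAN:-eth1}"            # interface facing the home network
LAN_NET="${LAN_NET:-192.168.1.0/24}"
WAN_IP="${WAN_IP:-203.0.113.10}"          # static public address; use MASQUERADE if dynamic
WEB_SERVER="${WEB_SERVER:-192.168.1.20}"  # internal host exposed on TCP/80

flush_all() {
    "$IPT" -F
    "$IPT" -t nat -F
    "$IPT" -X
}

set_policies() {
    # Default deny for traffic to and through the router. OUTPUT stays open:
    # for a home router there is little to gain from policing its own traffic.
    "$IPT" -P INPUT DROP
    "$IPT" -P FORWARD DROP
    "$IPT" -P OUTPUT ACCEPT
}

input_rules() {
    "$IPT" -A INPUT -i lo -j ACCEPT
    "$IPT" -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    "$IPT" -A INPUT -m conntrack --ctstate INVALID -j DROP
    # Management and DNS only from the LAN side
    "$IPT" -A INPUT -i "$LAN" -s "$LAN_NET" -p tcp --dport 22 -j ACCEPT
    "$IPT" -A INPUT -i "$LAN" -s "$LAN_NET" -p udp --dport 53 -j ACCEPT
    "$IPT" -A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/s -j ACCEPT
}

forward_rules() {
    # Anti-spoofing first: LAN addresses must never arrive on the WAN side
    "$IPT" -A FORWARD -i "$WAN" -s "$LAN_NET" -j DROP
    "$IPT" -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # LAN hosts may open anything outbound
    "$IPT" -A FORWARD -i "$LAN" -o "$WAN" -s "$LAN_NET" -j ACCEPT
    # Inbound web traffic: FORWARD sees the destination *after* PREROUTING's DNAT,
    # so match on the internal address, not the public one
    "$IPT" -A FORWARD -i "$WAN" -o "$LAN" -d "$WEB_SERVER" -p tcp --dport 80 \
        -m conntrack --ctstate NEW -j ACCEPT
}

nat_rules() {
    # PREROUTING runs before the routing decision (top of the diagram)
    "$IPT" -t nat -A PREROUTING -i "$WAN" -p tcp --dport 80 \
        -j DNAT --to-destination "$WEB_SERVER:80"
    # POSTROUTING runs after routing, on the way out of the WAN interface (bottom)
    "$IPT" -t nat -A POSTROUTING -o "$WAN" -s "$LAN_NET" -j SNAT --to-source "$WAN_IP"
}

apply_firewall() {
    "$SYSCTL" -w net.ipv4.ip_forward=1
    flush_all
    set_policies
    input_rules
    forward_rules
    nat_rules
}

# Run as "sh firewall.sh apply" to load the rules; sourcing only defines the functions.
if [ "${1:-}" = "apply" ]; then
    apply_firewall
fi
```

Rule order matters: the spoofing DROP in FORWARD is placed before the ESTABLISHED,RELATED accept on purpose, and the DNAT target in FORWARD is the internal address because by the time a packet reaches FORWARD its destination has already been rewritten in PREROUTING. Verify with `iptables -L -v -n` and `iptables -t nat -L -v -n`, and watch the counters while running tcpdump on both interfaces.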

Ziegler could use a chapter on troubleshooting with tcpdump and other tools.