Thursday, March 28, 2013

Designing and Implementing Linux Firewalls with QoS using netfilter, iproute2, NAT and L7-filter


Authors: Lucian Gheorghe
Year: 2006
Pages: 285
Publisher: Packt Publishing
Dimensions, inch.: 8.5x11
File type: PDF
Size, Mb: 5


Book Description
This practical guide teaches you how to implement effective network protection by using your own customized firewall solution. Based on extensive practical experience, this book distills a unique set of scenario-based scripts and guidelines for a proven firewall solution into one succinct and precise book. This book is aimed at Linux network administrators with some understanding of Linux security threats and issues, or anyone interested in securing their systems behind a firewall. Basic knowledge of Linux is presumed, but other than that this book shows you how to do the rest, from configuring your system to dealing with security breaches.





About the Author
Lucian Gheorghe has just joined the Global NOC of Interoute, Europe's largest voice and data network provider. Before Interoute, he was working as a senior network engineer for Globtel Internet, a significant Internet and Telephony Services Provider to the Romanian market. He has been working with Linux for more than 8 years, putting a strong accent on security for protecting vital data from hackers and ensuring good quality services for internet customers. Moving to VoIP services, he had to focus even more on security, as sensitive billing data is most often stored on servers with public IP addresses. He has been studying QoS implementations on Linux to build different types of services for IP customers and also to deliver good quality for them and for VoIP over the public internet. Lucian has also been programming with Perl, PHP and Smarty for over 5 years, mostly developing in-house management interfaces for IP and VoIP services.



Most Helpful Customer Reviews
Very good book October 22, 2007
By Adrian Sanchez Soto

If you like opensource, QoS, Firewalls... this book would be what you need.

If you are a netadmin, a sysadmin or an IT guy and learn this book, you can limit p2p/bittorrent traffic, guarantee bandwidth for some services like http, ftp, voip, etc. (QoS), and you can protect your network with firewalls.

First, in chapter 1, we learn about Networking Fundamentals, then in chapter 2, about Security Threats in every OSI layer. After that we are ready to learn about the basics of netfilter and iproute (Firewall and QoS).

The next chapters show us how to do layer 7 filtering, practical QoS and more advanced things. Then we apply this knowledge in a very practical series of scenarios that come later in the book.

Very good book, I recommend this to you.

Disappointing April 20, 2009
By Jarrett Miller

For some this might be a great book. For me, I found the title misleading. I was mainly interested in the QoS aspect as there are already excellent books available on firewalling and NAT.

The QoS seemed to be mostly an afterthought. The QoS policies utilized were tailored to the example networks but there was no discussion of generic QoS capabilities.

The biggest gripe though, is that there was Zero coverage of DSCP and/or 802.1q packet tagging. This book considers queue scheduling based on netfilter or L7-filter to be all that exists as far as QoS is concerned. If you want treatment of DSCP or 802.1p look elsewhere.

P.S. This book is cookbook format. Don't expect to learn the intricate details. It is not a bad book if that is what you are looking for but if you want a more "textbook" style book with complete coverage you will be disappointed.

Great for Linux Firewall beginners February 4, 2011
By faraumont

For the ones, as myself, who use Linux for some time and wish to learn how to build firewalls using it, this is the book.

The language is extremely accessible and objective, unlike the majority of the many tutorials on this subject found on the net. It goes from the very basics with a good, and not boring, theoretical base, and advances in a practical hands-on way, from a simple firewall script for a Linux Workstation to a complex structure of different firewalls connecting branches from a large company serving and using a great array of internet services.

The only buts I found were a couple of differences in behavior in some firewall rules, that produced a different result from that described in the book when I implemented them. However, they were easily corrected after a little traffic monitoring and googling. Probably from differences in Linux flavor or packet versions used. My advice is the same as always, test everything well before putting anything in production.

Bottom line is, best book I found to learn Linux Firewalls. Worth every cent.