Linux iptables Pocket Reference
Firewalls, NAT & Accounting
Publisher: O'Reilly Media
Final Release Date: August 2004
Pages: 98

Firewalls, Network Address Translation (NAT), network logging and accounting are all provided by Linux's Netfilter system, also known by the name of the command used to administer it, iptables. The iptables interface is the most sophisticated ever offered onLinux and makes Linux an extremely flexible system for any kind of network filtering you might do. Large sets of filtering rules can be grouped in ways that makes it easy to test them and turn them on and off.Do you watch for all types of ICMP traffic--some of them quite dangerous? Can you take advantage of stateful filtering to simplify the management of TCP connections? Would you like to track how much traffic of various types you get?This pocket reference will help you at those critical moments when someone asks you to open or close a port in a hurry, either to enable some important traffic or to block an attack. The book will keep the subtle syntax straight and help you remember all the values you have to enter in order to be as secure as possible. The book has an introductory section that describes applications,followed by a reference/encyclopaedic section with all the matches and targets arranged alphabetically.

Table of Contents
Product Details
About the Author
Recommended for You
Customer Reviews

REVIEW SNAPSHOT®

by PowerReviews
oreillyLinux iptables Pocket Reference
 
3.5

(based on 4 reviews)

Ratings Distribution

  • 5 Stars

     

    (2)

  • 4 Stars

     

    (0)

  • 3 Stars

     

    (0)

  • 2 Stars

     

    (2)

  • 1 Stars

     

    (0)

Reviewed by 4 customers

Sort by

Displaying reviews 1-4

Back to top

 
2.0

A concise, detailed reference of iptables and its features

By Jascha

from Barcelona

About Me Developer, Sys Admin

Verified Reviewer

Pros

  • Concise

Cons

  • Does Not Explain
  • No examples

Best Uses

  • Expert

Comments about oreilly Linux iptables Pocket Reference:

I have been reading this book for the first time back in 2013 but a couple of months ago I planned to give it a second try, not sure what I was expecting to magically find there. So despite postdating it some four to five times, I have finally dedicated a couple of days' commute time to this title, a quite outdated and thin book about iptables. A must know for any System Administrator, iptables is a technology tbat has been there since forever and that hasn't experienced any real revolution lately, which makes this book still valid despite being more than 10 years old. Incredibly, despite being such a fundamental powertool in every Sys Admin's belt out there, Amazon's bookshelf only has a handful of titles dedicated to it; tons covering security overall, but iptables itself less than a page of results. Google is not more merciful: the pages covering the basics and providing real-world examples are very limited. Is iptables some kind of ...secret?

Evaluating this book is somehow challenging: most people buy this title thinking that they have bought something else. What follows is a poor rating and a couple of bitter lines as a review. What is this book? As the title suggests, this book is a reference. It does explain iptables' options and quirks, up to the very bits. Each and everything iptables allows the enthusiast to do is religiously reported. Mind it, written, not explained. This leads to the hardest question: what is not this book? This book is not an introductory text neither to security nor to iptables. It does not explain iptables role in the 7 levels ISO/OSI stakc. It does not provide any real example. Similarly, it does not show, step by step, how to configure a gateway firewall to protect services X and Y from malicious outsiders.

Linux Iptables Pocket Reference is meant to be used by System Administrators, as well as by developers that are involved in low level network programming (Openstack Neutron?). It does expect the reader to know its way through both network security overall and iptables in particular. This makes it a target of a very limited niche of professionals, not the casual enthusiast.

Overall a very concise book, no doubts. I am personally not sure this book is a good suggestion to System Administrators. Not only great answers can be found on Stack Overflow, but man pages are there for a reason. It is certainly not recommended to anyone who is interested in getting started with network security and iptables. There are better choices out there.

Suggested readings:
Linux Firewalls: an excellent introduction to iptables, with examples explained step-by-step. It also covers incident response.

As usual, you can find more reviews on my personal blog: http://books.lostinmalloc.com. Feel free to pass by and share your thoughts!

 
5.0

Not meant to be complete, meant to make you understand.

By Michael VD

from Belgium Brussels

About Me Sys Admin

Pros

  • Accurate
  • Concise
  • Easy to understand
  • Helpful examples
  • Well-written

Cons

    Best Uses

    • Expert
    • Intermediate

    Comments about oreilly Linux iptables Pocket Reference:

    If you have a fair level on linux but don't know where to start to use iptables, this is the stuff.
    Even if it is a reference, it is also a short effective manual to know the "vocabulary" of the firewalling in general. It makes you want to try out stuffs. It doesn't really give you example, but makes you find the right ones.
    Great author.

    (15 of 15 customers found this review helpful)

     
    5.0

    Great as a pocket reference

    By Brian Raaen

    from Undisclosed

    Comments about oreilly Linux iptables Pocket Reference:

    This book was designed to be a pocket reference and not as a how-to guide. While this book has some good explanations of the path a packet takes through the kernel, it do not tell you how to set up filtering rules. It is a good place to look something up quick. The tables with the protocol numbers and port numbers has been very useful for me, and I keep this book in my laptop case at all times. If you are considering whether to get this book or not, keep the following in mind. If you have a good understanding to tcp/ip, networking protocols, and a working understanding of iptables this book is a good reference guide. If you are not familiar with those concepts you should look for a better how-to guide or learning book.

    (8 of 13 customers found this review helpful)

     
    2.0

    It's okay but...

    By BigDumbDinosaur

    from Undisclosed

    Comments about oreilly Linux iptables Pocket Reference:

    If this is your first time setting up the Linux packet filtering functions you will need to refer to other documentation. This pocket guide is most useful to someone who is already familiar with the workings of iptables. I do not recommend it for a beginner.

    Little explanation is given in this guide on the theory of packet filtering and network address translation (NAT), and the examples, as is so typical of a lot of Linux documentation, make too many assumptions about the reader's knowledge. In particular, the NAT section is woefully inadequate -- I can glean more information about NAT from the ipfilters man page.

    I was also disappointed in the typesetting of this guide. The font is too small and the font weight produces, in my opinion, a poor contrast between characters and paper. I struggled trying to read this guide in anything other than high light levels and concluded that I had wasted my money. I'll keep it here in my library (returning it would cost almost as much as it's worth) but it will probably gather a lot of dust.

    Displaying reviews 1-4

    Back to top

     
    Buy 2 Get 1 Free Free Shipping Guarantee
    Buying Options
    Immediate Access - Go Digital what's this?
    Ebook: $7.99
    Formats:  DAISY, ePub, Mobi, PDF
    Print & Ebook: $10.95
    Print: $9.95