Linux® Firewalls: Enhancing Security with nftables and Beyond, Fourth Edition

Table of contents

  1. About This eBook
  2. Title Page
  3. Copyright Page
  4. Dedication Page
  5. Contents at a Glance
  6. Contents
  7. Preface
    1. Acknowledgments
  8. About the Author
  9. I. Packet Filtering and Basic Security Measures
    1. 1. Preliminary Concepts Underlying Packet-Filtering Firewalls
      1. The OSI Networking Model
        1. Connectionless versus Connection-Oriented Protocols
        2. Next Steps
      2. The Internet Protocol
        1. IP Addressing and Subnetting
        2. IP Fragmentation
        3. Broadcasting and Multicasting
        4. ICMP
      3. Transport Mechanisms
        1. UDP
        2. TCP
      4. Don’t Forget Address Resolution Protocol
      5. Hostnames and IP Addresses
        1. IP Addresses and Ethernet Addresses
      6. Routing: Getting a Packet from Here to There
      7. Service Ports: The Door to the Programs on Your System
        1. A Typical TCP Connection: Visiting a Remote Website
      8. Summary
    2. 2. Packet-Filtering Concepts
      1. A Packet-Filtering Firewall
      2. Choosing a Default Packet-Filtering Policy
      3. Rejecting versus Denying a Packet
      4. Filtering Incoming Packets
        1. Remote Source Address Filtering
        2. Local Destination Address Filtering
        3. Remote Source Port Filtering
        4. Local Destination Port Filtering
        5. Incoming TCP Connection State Filtering
        6. Probes and Scans
        7. Denial-of-Service Attacks
        8. Source-Routed Packets
      5. Filtering Outgoing Packets
        1. Local Source Address Filtering
        2. Remote Destination Address Filtering
        3. Local Source Port Filtering
        4. Remote Destination Port Filtering
        5. Outgoing TCP Connection State Filtering
      6. Private versus Public Network Services
        1. Protecting Nonsecure Local Services
        2. Selecting Services to Run
      7. Summary
    3. 3. iptables: The Legacy Linux Firewall Administration Program
      1. Differences between IPFW and Netfilter Firewall Mechanisms
        1. IPFW Packet Traversal
        2. Netfilter Packet Traversal
      2. Basic iptables Syntax
      3. iptables Features
        1. NAT Table Features
        2. mangle Table Features
      4. iptables Syntax
        1. filter Table Commands
        2. filter Table Target Extensions
        3. filter Table Match Extensions
        4. nat Table Target Extensions
        5. mangle Table Commands
      5. Summary
    4. 4. nftables: The Linux Firewall Administration Program
      1. Differences between iptables and nftables
      2. Basic nftables Syntax
      3. nftables Features
      4. nftables Syntax
        1. Table Syntax
        2. Chain Syntax
        3. Rule Syntax
        4. Basic nftables Operations
        5. nftables File Syntax
      5. Summary
    5. 5. Building and Installing a Standalone Firewall
      1. The Linux Firewall Administration Programs
        1. Build versus Buy: The Linux Kernel
        2. Source and Destination Addressing Options
      2. Initializing the Firewall
        1. Symbolic Constants Used in the Firewall Examples
        2. Enabling Kernel-Monitoring Support
        3. Removing Any Preexisting Rules
        4. Resetting Default Policies and Stopping the Firewall
        5. Enabling the Loopback Interface
        6. Defining the Default Policy
        7. Using Connection State to Bypass Rule Checking
        8. Source Address Spoofing and Other Bad Addresses
      3. Protecting Services on Assigned Unprivileged Ports
        1. Common Local TCP Services Assigned to Unprivileged Ports
        2. Common Local UDP Services Assigned to Unprivileged Ports
      4. Enabling Basic, Required Internet Services
        1. Allowing DNS (UDP/TCP Port 53)
      5. Enabling Common TCP Services
        1. Email (TCP SMTP Port 25, POP Port 110, IMAP Port 143)
        2. SSH (TCP Port 22)
        3. FTP (TCP Ports 21, 20)
        4. Generic TCP Service
      6. Enabling Common UDP Services
        1. Accessing Your ISP’s DHCP Server (UDP Ports 67, 68)
        2. Accessing Remote Network Time Servers (UDP Port 123)
      7. Logging Dropped Incoming Packets
      8. Logging Dropped Outgoing Packets
      9. Installing the Firewall
        1. Tips for Debugging the Firewall Script
        2. Starting the Firewall on Boot with Red Hat and SUSE
        3. Starting the Firewall on Boot with Debian
        4. Installing a Firewall with a Dynamic IP Address
      10. Summary
  10. II. Advanced Issues, Multiple Firewalls, and Perimeter Networks
    1. 6. Firewall Optimization
      1. Rule Organization
        1. Begin with Rules That Block Traffic on High Ports
        2. Use the State Module for ESTABLISHED and RELATED Matches
        3. Consider the Transport Protocol
        4. Place Firewall Rules for Heavily Used Services as Early as Possible
        5. Use Traffic Flow to Determine Where to Place Rules for Multiple Network Interfaces
      2. User-Defined Chains
      3. Optimized Examples
        1. The Optimized iptables Script
        2. Firewall Initialization
        3. Installing the Chains
        4. Building the User-Defined EXT-input and EXT-output Chains
        5. tcp-state-flags
        6. connection-tracking
        7. local-dhcp-client-query and remote-dhcp-server-response
        8. source-address-check
        9. destination-address-check
        10. Logging Dropped Packets with iptables
        11. The Optimized nftables Script
        12. Firewall Initialization
        13. Building the Rules Files
        14. Logging Dropped Packets with nftables
      4. What Did Optimization Buy?
        1. iptables Optimization
        2. nftables Optimization
      5. Summary
    2. 7. Packet Forwarding
      1. The Limitations of a Standalone Firewall
      2. Basic Gateway Firewall Setups
      3. LAN Security Issues
      4. Configuration Options for a Trusted Home LAN
        1. LAN Access to the Gateway Firewall
        2. LAN Access to Other LANs: Forwarding Local Traffic among Multiple LANs
      5. Configuration Options for a Larger or Less Trusted LAN
        1. Dividing Address Space to Create Multiple Networks
        2. Selective Internal Access by Host, Address Range, or Port
      6. Summary
    3. 8. NAT—Network Address Translation
      1. The Conceptual Background of NAT
      2. NAT Semantics with iptables and nftables
        1. Source NAT
        2. Destination NAT
      3. Examples of SNAT and Private LANs
        1. Masquerading LAN Traffic to the Internet
        2. Applying Standard NAT to LAN Traffic to the Internet
      4. Examples of DNAT, LANs, and Proxies
        1. Host Forwarding
      5. Summary
    4. 9. Debugging the Firewall Rules
      1. General Firewall Development Tips
      2. Listing the Firewall Rules
        1. iptables Table Listing Example
        2. nftables Table Listing Example
      3. Interpreting the System Logs
        1. syslog Configuration
        2. Firewall Log Messages: What Do They Mean?
      4. Checking for Open Ports
        1. netstat -a [ -n -p -A inet ]
        2. Checking a Process Bound to a Particular Port with fuser
        3. Nmap
      5. Summary
    5. 10. Virtual Private Networks
      1. Overview of Virtual Private Networks
      2. VPN Protocols
        1. PPTP and L2TP
        2. IPsec
      3. Linux and VPN Products
        1. Openswan/Libreswan
        2. OpenVPN
        3. PPTP
      4. VPN and Firewalls
      5. Summary
  11. III. Beyond iptables and nftables
    1. 11. Intrusion Detection and Response
      1. Detecting Intrusions
      2. Symptoms Suggesting That the System Might Be Compromised
        1. System Log Indications
        2. System Configuration Indications
        3. Filesystem Indications
        4. User Account Indications
        5. Security Audit Tool Indications
        6. System Performance Indications
      3. What to Do If Your System Is Compromised
      4. Incident Reporting
        1. Why Report an Incident?
        2. What Kinds of Incidents Might You Report?
        3. To Whom Do You Report an Incident?
        4. What Information Do You Supply?
      5. Summary
    2. 12. Intrusion Detection Tools
      1. Intrusion Detection Toolkit: Network Tools
        1. Switches and Hubs and Why You Care
        2. ARPWatch
      2. Rootkit Checkers
        1. Running Chkrootkit
        2. What If Chkrootkit Says the Computer Is Infected?
        3. Limitations of Chkrootkit and Similar Tools
        4. Using Chkrootkit Securely
        5. When Should Chkrootkit Be Run?
      3. Filesystem Integrity
      4. Log Monitoring
        1. Swatch
      5. How to Not Become Compromised
        1. Secure Often
        2. Update Often
        3. Test Often
      6. Summary
    3. 13. Network Monitoring and Attack Detection
      1. Listening to the Ether
        1. Three Valuable Tools
      2. TCPDump: A Simple Overview
        1. Obtaining and Installing TCPDump
        2. TCPDump Options
        3. TCPDump Expressions
        4. Beyond the Basics with TCPDump
      3. Using TCPDump to Capture Specific Protocols
        1. Using TCPDump in the Real World
        2. Attacks through the Eyes of TCPDump
        3. Recording Traffic with TCPDump
      4. Automated Intrusion Monitoring with Snort
        1. Obtaining and Installing Snort
        2. Configuring Snort
        3. Testing Snort
        4. Receiving Alerts
        5. Final Thoughts on Snort
      5. Monitoring with ARPWatch
      6. Summary
    4. 14. Filesystem Integrity
      1. Filesystem Integrity Defined
        1. Practical Filesystem Integrity
      2. Installing AIDE
      3. Configuring AIDE
        1. Creating an AIDE Configuration File
        2. A Sample AIDE Configuration File
        3. Initializing the AIDE Database
        4. Scheduling AIDE to Run Automatically
      4. Monitoring AIDE for Bad Things
      5. Cleaning Up the AIDE Database
      6. Changing the Output of the AIDE Report
        1. Obtaining More Verbose Output
      7. Defining Macros in AIDE
      8. The Types of AIDE Checks
      9. Summary
  12. IV. Appendices
    1. A. Security Resources
      1. Security Information Sources
      2. Reference Papers and FAQs
    2. B. Firewall Examples and Support Scripts
      1. iptables Firewall for a Standalone System from Chapter 5
      2. nftables Firewall for a Standalone System from Chapter 5
      3. Optimized iptables Firewall from Chapter 6
      4. nftables Firewall from Chapter 6
    3. C. Glossary
    4. D. GNU Free Documentation License
      1. 0. Preamble
      2. 1. Applicability and Definitions
      3. 2. Verbatim Copying
      4. 3. Copying in Quantity
      5. 4. Modifications
      6. 5. Combining Documents
      7. 6. Collections of Documents
      8. 7. Aggregation with Independent Works
      9. 8. Translation
      10. 9. Termination
      11. 10. Future Revisions of this License
      12. 11. Relicensing
  13. Index
  14. Code Snippets

Product information

  • Title: Linux® Firewalls: Enhancing Security with nftables and Beyond, Fourth Edition
  • Publisher(s): Addison-Wesley Professional