Linux Firewalls
Robert L. Ziegler
New Riders Publishing
470 pages, two appendices, glossary, index
2000. ISBN 0-7357-0900-9. Approx. $40

Reviewed by: Robert Bruen, MIT Laboratory for Information and Decision Systems. January 24, 2000.


New Riders has published the best firewall book I have seen since the original books released in 1994 (Cheswick & Bellovin) and 1995 (Chapman & Zwicky). Ziegler knows his stuff, writing in a detailed, clear style that should be copied by other aspiring writers. The book is aimed at Linux firewalls, as the title states, focusing on Red Hat Linux 6.x and ipchains, but there is enough explanation of why one does things that it is still worth reading even if you are not interested in Linux per se. Then again, you might be more interested in Linux after reading this book.

The book is organized into four main parts. The first is a short, single background chapter covering TCP/IP, ports and packets. The fourth is comprised of the appendices and glossary. The first appendix presents several pages of useful resources, as one would expect, but the second appendix has scripts that can be used to set up a firewall on your home Linux box, for both ipchains (RHL 6.x) and ipfwadm (RHL 5.x). There is also help for optimizing rules, not a trivial task, even if you can get the rules correct in the first place.

The real book is in Part II, Packet-Filtering and Basic Security Measures (chapters 2-5). These chapters are true explanations of how one goes about setting up ipchains, rule by rule, protocol by protocol, port by port and application by application. This is one of those rare books that is both readable straight through and can be used as a reference tool.

Chapter 2 covers packet filtering nicely. There is a very helpful table that describes network services (such as amd, bootp, dhcpd, arpwatch, autofs, etc.) that many of the newer Linux users/sysadmins are not sure about. Ziegler describes each one, then recommends whether or not to run it on the firewall, accompanied by the rationale. Often, since new users do not know what these services are, they get started with the default install, leading to various security problems. Red Hat should have done as good a job in their documentation. The actual building and installing of ipchains is done in chapter 3. The next chapter explains configurations for home-sized LANs and for larger LANs. Debugging strategies are the topic of the useful chapter 5.

Part III, System Level Security and Monitoring (chapters 6-8), is more general admin information, telling the reader about tools like ping, ifconfig, netstat, etc. in chapter 6. Chapter 7 presents authentication, authorization, SOCKS and logging. Intrusion detection makes up chapter 8. The book would have been just fine without these three chapters, because they are only marginally related to firewalls. However, they are as high quality as the rest of the book, saving you the cost of another sysadmin security book.

Although the book is readable and provides background, it does not insult your intelligence, expecting you to work at the technical details. Firewalls are not easy to put up and maintain, thus the material is not easy. However, if you work through it, you will be rewarded with an understanding of Linux firewalls. One of my top choices of new books in security. And it is even reasonably priced.