Welcome to the official site for Linux Firewalls, Third Edition

This is the official web site for the Linux Firewalls book published by Pearson on behalf of Novell Press. I took this book over from Robert Ziegler for its third edition. There's a lot of new material within the book and other various updates. Anyone wanting to implement iptables or firewalling in Linux might find this book helpful.

I also included specific information on securing Linux based on my experience working in ISP environments for years. It should be noted, due to some confusion, that even though this book was published under the Novell Press moniker, it's not affiliated with Novell or SuSE and will work on every flavor of Linux that I've encountered. Most of the book was written using a Debian host.

Read up on some of my latest projects at my Books, Writings, and Projects page.

Buy Now!

You can buy a copy of Linux Firewalls today!

Firewall Scripts

Here are the firewall scripts used in the book. These scripts are referenced within Appendix B of the book. Please be aware that, like the scripts in the book, these block RFC 1918 space and so you might block yourself out of the computer upon which you're running the script. I did this when first debugging the scripts as part of the revision process. If you're unsure of what this means for you, you shouldn't run any of the scripts!

Note that the files are plain text files but meant to be run as shell scripts. I've used a .txt extension on the files. Please rename as appropriate (for example, mv appb_firewall1_sh.txt appb_firewall1.sh).

Useful Sites & Utilities

Bugtraq Archive
Bugtraq is a popular (and moderated) mailing list for bug and vulnerability disclosure and some discussion.
Debian Security Advisories
Update announcements for Debian Linux.
grsecurity
The GrSecurity kernel patch examined in Linux Firewalls.
IP Calculator
An IP Subnet Calculator that's lightweight and powerful.
The Linux Kernel Archive
The Official Linux Kernel site.
Red Hat Errata
Update announcements for Red Hat Linux.
SANS Internet Storm Center
The ISC is a helpful site for current Internet issues.
Security Focus
Much useful security information is found on Security Focus.

Full Disclosure Archives
Full Disclosure is an unmoderated mailing list for bug and vulnerability disclosure and discussion. The link given seems rather slow, therefore also try an unofficial archive.
NANOG Mailing List
The North American Network Operators' Group mailing list is a good place to lurk in order to watch for Internet issues.
VMware
VMware is virtualization software that is quite helpful for testing different configurations before breaking the live systems. VMware was used extensively during the production process for Linux Firewalls, Third Edition.