Linux Firewalls: Enhancing Security with Nftables and Beyond

Preface xix
About the Author xxi

Part I: Packet Filtering and Basic Security Measures 1

Chapter 1: Preliminary Concepts Underlying Packet-Filtering Firewalls 3
  The OSI Networking Model 5
  The Internet Protocol 7
  Transport Mechanisms 14
  Don't Forget Address Resolution Protocol 17
  Hostnames and IP Addresses 18
  Routing: Getting a Packet from Here to There 19
  Service Ports: The Door to the Programs on Your System 19
  Summary 23

Chapter 2: Packet-Filtering Concepts 25
  A Packet-Filtering Firewall 26
  Choosing a Default Packet-Filtering Policy 29
  Rejecting versus Denying a Packet 31
  Filtering Incoming Packets 31
  Filtering Outgoing Packets 46
  Private versus Public Network Services 49
  Summary 50

Chapter 3: iptables: The Legacy Linux Firewall Administration Program 51
  Differences between IPFW and Netfilter Firewall Mechanisms 51
  Basic iptables Syntax 54
  iptables Features 55
  iptables Syntax 61
  Summary 82

Chapter 4: nftables: The Linux Firewall Administration Program 83
  nftables Features 84
  nftables Syntax 85
  Summary 93

Chapter 5: Building and Installing a Standalone Firewall 95
  The Linux Firewall Administration Programs 96
  Initializing the Firewall 99
  Protecting Services on Assigned Unprivileged Ports 112
  Enabling Basic, Required Internet Services 117
  Enabling Common TCP Services 122
  Enabling Common UDP Services 134
  Logging Dropped Incoming Packets 138
  Logging Dropped Outgoing Packets 138
  Installing the Firewall 139
  Summary 141

Part II: Advanced Issues, Multiple Firewalls, and Perimeter Networks 143

Chapter 6: Firewall Optimization 145
  Rule Organization 145
  User-Defined Chains 148
  Optimized Examples 151
  What Did Optimization Buy? 176
  Summary 177

Chapter 7: Packet Forwarding 179
  The Limitations of a Standalone Firewall 179
  Basic Gateway Firewall Setups 181
  LAN Security Issues 182
  Configuration Options for a Trusted Home LAN 183
  Configuration Options for a Larger or Less Trusted LAN 188
  Summary 195

Chapter 8: NAT (Network Address Translation) 197
  The Conceptual Background of NAT 197
  NAT Semantics with iptables and nftables 201
  Examples of SNAT and Private LANs 206
  Examples of DNAT, LANs, and Proxies 209
  Summary 210

Chapter 9: Debugging the Firewall Rules 211
  General Firewall Development Tips 211
  Listing the Firewall Rules 213
  Interpreting the System Logs 217
  Checking for Open Ports 223
  Summary 227

Chapter 10: Virtual Private Networks 229
  Overview of Virtual Private Networks 229
  VPN Protocols 229
  Linux and VPN Products 232
  VPN and Firewalls 233
  Summary 234

Part III: Beyond iptables and nftables 235

Chapter 11: Intrusion Detection and Response 237
  Detecting Intrusions 237
  Symptoms Suggesting That the System Might Be Compromised 238
  What to Do If Your System Is Compromised 241
  Incident Reporting 243
  Summary 247

Chapter 12: Intrusion Detection Tools 249
  Intrusion Detection Toolkit: Network Tools 249
  Rootkit Checkers 251
  Filesystem Integrity 255
  Log Monitoring 256
  How to Not Become Compromised 257
  Summary 261

Chapter 13: Network Monitoring and Attack Detection 263
  Listening to the Ether 263
  TCPDump: A Simple Overview 265
  Using TCPDump to Capture Specific Protocols 272
  Automated Intrusion Monitoring with Snort 286
  Monitoring with ARPWatch 291
  Summary 293

Chapter 14: Filesystem Integrity 295
  Filesystem Integrity Defined 295
  Installing AIDE 296
  Configuring AIDE 297
  Monitoring AIDE for Bad Things 301
  Cleaning Up the AIDE Database 302
  Changing the Output of the AIDE Report 303
  Defining Macros in AIDE 306
  The Types of AIDE Checks 307
  Summary 310

Part IV: Appendices 311

Appendix A: Security Resources 313
  Security Information Sources 313
  Reference Papers and FAQs 314

Appendix B: Firewall Examples and Support Scripts 315
  iptables Firewall for a Standalone System from Chapter 5 315
  nftables Firewall for a Standalone System from Chapter 5 328
  Optimized iptables Firewall from Chapter 6 33.