- Tapa blanda: 288 páginas
- Editor: Packt Publishing (31 de octubre de 2006)
- Idioma: Inglés
- ISBN-10: 1904811655
- ISBN-13: 978-1904811657
- Valoración media de los clientes: Sé el primero en opinar sobre este producto
- Ver el Índice completo
Compara Precios en Amazon
+ EUR 2,99 de gastos de envío
+ Envío GRATIS
Designing and Implementing Linux Firewalls with Qos Using Netfilter, Iproute2, Nat and L7-Filter (Inglés) Tapa blanda – 31 oct 2006
|Nuevo desde||Usado desde|
Descripción del producto
Reseña del editor
After giving us a background of network security, the book moves on to explain the basic technologies we will work with, namely netfilter, iproute2, NAT and l7-filter. These form the crux of building Linux firewalls and QOS. The later part of the book covers 5 real-world networks for which we design the security policies, build the firewall, setup the script, and verify our installation. These comprehensive set of set up scripts and set up guidelines to create firewall protection for various specific usage scenarios are unique and set this book apart.
Biografía del autor
Lucian Gheorghe has just joined the Global NOC of Interoute, Europe's largest voice and data network provider. Before Interoute, he was working as a senior network engineer for Globtel Internet, a significant Internet and Telephony Services Provider to the Romanian market He has been working with Linux for more than 8 years putting a strong accent on security for protecting vital data from hackers and ensuring good quality services for internet customers. Moving to VoIP services he had to focus even more on security as sensitive billing data is most often stored on servers with public IP addresses. He has been studying QoS implementations on Linux to build different types of services for IP customers and also to deliver good quality for them and for VoIP over the public internet. Lucian has also been programming with Perl, PHP and Smarty for over 5 years mostly developing in-house management interfaces for IP and VoIP services.
No es necesario ningún dispositivo Kindle. Descárgate una de las apps de Kindle gratuitas para comenzar a leer libros Kindle en tu smartphone, tablet u ordenador.
Obtén la app gratuita:
Detalles del producto
Si eres el vendedor de este producto, ¿te gustaría sugerir ciertos cambios a través del servicio de atención al vendedor?
Opiniones de clientes
|5 estrellas (0%)|
|4 estrellas (0%)|
|3 estrellas (0%)|
|2 estrellas (0%)|
|1 estrella (0%)|
Opiniones de clientes más útiles en Amazon.com
The QoS seemed to be mostly an afterthought. The QoS policies utilized were tailored to the example networks but there was no discussion of generic QoS capabilities.
The biggest gripe though, is that there was Zero coverage of DSCP and/or 802.1q packet tagging. This book considers queue scheduling based on netfilter or L7-filter to be all that exists as far as QoS is concerned. If you want treatment of DSCP or 802.1p look elsewhere.
P.S. This book is cookbook format. Don't expect to learn the intricate details. It is not a bad book if that is what you are looking for but if you want a more "textbook" style book with complete coverage you will be disappointed.
The language is extremely accessible and objective, unlike the majority of the many tutorials on this subject found on the net. It goes from the very basics with a good, and not boring, theoric base, and advances in a practical hands-on way, from a simple firewall script for a Linux Workstation to a complex structure of different firewalls connecting branches from a large company serving and using a great array of internet services.
The only buts I found were a couple of differences in behavior in some firewall rules, that produced a different result from the described in the book when I implemented them. However, they were easily corrected after a little traffic monitoring and googling. Probably from differences in Linux flavor or packet versions used. My advice is the same as always, test everything well before putting anything in production.
Bottom line is, best book I found to learn Linux Firewalls. Worth every cent.
You will learn about NAT and filtering. Maybe you will need read more about QoS, but like introduction it is fine.
Excellent book. It shows you about small-medium-large networks configurations.
The L7 tool, on the other hand, might have a slight advantage over either project until you take into account compatibilities with Linux Kernel Versions and their frenzied development cycle:
Either way, it seems that in order to implement an Application Layer 7 firewall, it would take work. OpenBSD gestures toward this idea by using tools such as relayd and a couple of other daemons which at the moment escape me, though I did recently learn at a Conference presentation given by two PF Developers, that there are many powerful, and integrated features within the OS which allow for 'socket splicing' and Application Proxying.
Dummynet may have the advantage in this arena, however, though with all its power, comes a steep learning curve.