Author: Gregor N. Purdy
Publication date: November 2004
Publisher: O'Reilly
Pages: 96
ISBN: ISBN-10: 0596005695 ISBN-13: 978-0596005696
File format: PDF
Firewalls, Network Address Translation (NAT), and network logging and accounting are all provided by Linux’s Netfilter system, also known by the name of the command used to administer it, iptables. The iptables interface is the most sophisticated ever offered on Linux and makes Linux an extremely flexible system for any kind of network filtering you might do. Large sets of filtering rules can be grouped in ways that make it easy to test them and turn them on and off. Do you watch for all types of ICMP traffic–some of them quite dangerous? Can you take advantage of stateful filtering to simplify the management of TCP connections? Would you like to track how much traffic of various types you get?
This pocket reference will help you at those critical moments when someone asks you to open or close a port in a hurry, either to enable some important traffic or to block an attack. The book will keep the subtle syntax straight and help you remember all the values you have to enter in order to be as secure as possible. The listings of all iptables options are divided into those suitable for firewalling, accounting, and NAT.