Synopsis

Firewalls, Network Address Translation (NAT), and network logging and accounting are all provided by Linux's Netfilter system, also known by the name of the command used to administer it, iptables. The iptables interface is the most sophisticated ever offered on Linux and makes Linux an extremely flexible system for any kind of network filtering you might do. Large sets of filtering rules can be grouped in ways that make it easy to test them and turn them on and off. Do you watch for all types of ICMP traffic, some of them quite dangerous? Can you take advantage of stateful filtering to simplify the management of TCP connections? Would you like to track how much traffic of various types you get? This pocket reference will help you at those critical moments when someone asks you to open or close a port in a hurry, either to enable some important traffic or to block an attack. The book will keep the subtle syntax straight and help you remember all the values you have to enter in order to be as secure as possible. The listings of all iptables options are divided into those suitable for firewalling, accounting, and NAT.

Douban reviews

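  • 传说中的路
    Equivalent to manpages + samples (07-16)
  • 沉淀的梦想
    The first half covers the basic concepts reasonably well; after reading it I understood the basic design of iptables. The later part, which goes through each match extension and target one by one, gets a bit boring, which may also have to do with its positioning as a reference book; I suggest skipping it. (11-18)
  • 我是猫
    IPTABLES..... (01-21)
  • ?..
    Fine for looking up commands; for the underlying principles, reading the founder's HOWTO is faster: https://www.netfilter.org/documentation/HOWTO/netfilter-hacking-HOWTO-4.html (02-13)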
