Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Designing and Implementing Linux Firewalls and QoS using netfilter, iproute2, NAT and l7-filter
  • Table Of Contents Toc
Designing and Implementing Linux Firewalls and QoS using netfilter, iproute2, NAT and l7-filter

Designing and Implementing Linux Firewalls and QoS using netfilter, iproute2, NAT and l7-filter

By : Lucian Gheorghe
4.3 (8)
Buy this Book
close
close
Designing and Implementing Linux Firewalls and QoS using netfilter, iproute2, NAT and l7-filter

Designing and Implementing Linux Firewalls and QoS using netfilter, iproute2, NAT and l7-filter

4.3 (8)
By: Lucian Gheorghe
Buy this Book

Overview of this book

Firewalls are used to protect your network from the outside world. Using a Linux firewall, you can do a lot more than just filtering packets. This book shows you how to implement Linux firewalls and Quality of Service using practical examples from very small to very large networks. After giving us a background of network security, the book moves on to explain the basic technologies we will work with, namely netfilter, iproute2, NAT and l7-filter. These form the crux of building Linux firewalls and QOS. The later part of the book covers 5 real-world networks for which we design the security policies, build the firewall, setup the script, and verify our installation. Providing only necessary theoretical background, the book takes a practical approach, presenting case studies and plenty of illustrative examples.
Table of Contents (14 chapters)
close
close
close
Designing and Implementing Linux Firewalls and QoS using netfilter, iproute2, NAT, and L7-filter
Icon
Designing and Implementing Linux Firewalls and QoS using netfilter, iproute2, NAT, and L7-filter
Credits
Icon
Credits
About the Author
Icon
About the Author
About the Reviewer
Icon
About the Reviewer
Preface
Icon
Preface
Lock Free Chapter
1
Networking Fundamentals
Icon
Networking Fundamentals
Icon
The OSI Model
Icon
The TCP/IP Model
Icon
OSI versus TCP/IP
Icon
IP Addressing, IP Subnetting, and IP Supernetting
Icon
How the Internet Works
Icon
Summary
2
Security Threats
Icon
Security Threats
Icon
Layer 1 Security Threats
Icon
Layer 2 Security Threats
Icon
Layer 3 Security Threats
Icon
Layer 4 Security Threats
Icon
Layer 5, 6, and 7 Security Threats
Icon
Summary
3
Prerequisites: netfilter and iproute2
Icon
Prerequisites: netfilter and iproute2
Icon
netfilter/iptables
Icon
iproute2 and Traffic Control
Icon
Summary
4
NAT and Packet Mangling with iptables
Icon
NAT and Packet Mangling with iptables
Icon
A Short Introduction to NAT and PAT (NAPT)
Icon
NAT Using iptables
Icon
Packet Mangling with iptables
Icon
Summary
5
Layer 7 Filtering
chevron up
Icon
Layer 7 Filtering
Icon
When to Use L7-filter
Icon
How Does L7-filter Work?
Icon
Installing L7-filter
Icon
L7-filter Applications
Icon
IPP2P: A P2P Match Option
Icon
IPP2P versus L7-filter
Icon
Summary
6
Small Networks Case Studies
Icon
Small Networks Case Studies
Icon
Linux as SOHO Router
Icon
Linux as Router for a Typical Small to Medium Company
Icon
Summary
7
Medium Networks Case Studies
Icon
Medium Networks Case Studies
Icon
Example 1: A Company with Remote Locations
Icon
Example 2: A Typical Small ISP
Icon
Summary
8
Large Networks Case Studies
Icon
Large Networks Case Studies
Icon
Thinking Large, Thinking Layered Models
Icon
A Real Large Network Example
Icon
Summary
1
Index
Icon
Index

Chapter 5. Layer 7 Filtering

In Chapter 1 of this book, we presented the OSI and TCP/IP networking models. As we saw there, even if the TCP/IP model has the widest usage, the reference model is OSI.

Let's have a look at the TCP/IP and OSI models again:

At Layer 7 of the OSI model, we find Application (HTTP, FTP, SSH, etc.). As you can see from the picture above, TCP/IP compacted OSI Layers 7, 6, and 5 into one Layer, TCP/IP Layer 4 (Application), which has the same name, but different functionality.

Filtering and prioritizing traffic from some applications can be very easy and very hard at the same time. Normally, we would filter/prioritize web traffic by matching TCP packets with source or destination port 80, which is the standard HTTP port. However, web servers can be configured to use any port; so our filters/prioritizations won't work for that particular traffic.

Another big problem network administrators have is filtering traffic belonging to P2P (peer to peer) applications like Kazaa...

CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Designing and Implementing Linux Firewalls and QoS using netfilter, iproute2, NAT and l7-filter
End of Section 5
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon