Firewalls, Network Address Translation (NAT), network logging and
accounting are all provided by Linux's Netfilter system, also known by
the name of the command used to administer it, iptables. The
iptables interface is the most sophisticated ever offered on Linux and
makes Linux an extremely flexible system for any kind of network
filtering you might do. Large sets of filtering rules can be grouped in
ways that make it easy to test them and turn them on and off.

Do you
watch for all types of ICMP traffic--some of them quite dangerous? Can
you take advantage of stateful filtering to simplify the management of
TCP connections? Would you like to track how much traffic of various
types you get?

This pocket reference will help you at those critical
moments when someone asks you to open or close a port in a hurry, either
to enable some important traffic or to block an attack. The book will
keep the subtle syntax straight and help you remember all the values you
have to enter in order to be as secure as possible. The book has an
introductory section that describes applications, followed by a
reference/encyclopaedic section with all the matches and targets
arranged alphabetically.