
Stay Ahead With Linux Security Features


Explore Latest Linux Security features


How to Configure Firewall-cmd for Enhanced Linux Network Security

Linux is more secure than other operating systems. But that's not the only reason why you might not need an antivirus or firewall while using Linux.

Linux isn't invulnerable. In fact, the belief that it is is one of the most common cybersecurity myths that gets Linux users into trouble. This belief makes it easy to put your guard down, and when your guard is down, you're most likely to get sucker punched. But just because Linux has security holes doesn't mean you need antivirus or firewall software. Your choice of security settings will have been discussed in detail during the installation of your Linux system, but you may not remember them by now. In this article, we will talk about configuring the firewall with the firewall-cmd command.

What Is a Firewall?

Firewalls are a key aspect of network security, so a sysadmin should understand how they function. If you understand firewalls, you can keep your network safe by making informed decisions about which traffic to let in and out.

A firewall is simply a filter that determines which network packets can come into your computer from the internet and which can leave your computer to the internet. It's mainly used to allow and/or disallow incoming connections. Outgoing connections are rarely filtered. In simple words, it is a sort of wall between your computer and the outside world.

Does Linux Need a Firewall?

This is nearly always a question. 99% of Linux users believe that Linux is secure by default. By default, almost all Linux distributions do not have a firewall. To be more precise, they have a dormant firewall: the Linux kernel includes a built-in firewall, so theoretically all Linux distributions include one, but it is not configured or active.

But don't worry, even without an active firewall, your Linux is still safe. Most distributions, including Ubuntu and Linux Mint, have no open ports by default, ensuring that outsiders cannot access your machine. Nonetheless, I urge that you enable a firewall. It is preferable to be safe than sorry. We will further discuss how to configure the Linux firewall using firewall-cmd.

What Is Iptables?

Iptables is a command-line firewall tool that allows or blocks traffic using policy chains. When a connection attempts to establish itself on your system, iptables searches its rule list for a match. If it cannot find one, it falls back on the default action.

iptables is nearly always included with each Linux distribution. Iptables tends to use 3 different chains: input, forward, and output. With this, you can create different rulesets for different machines on the network. However, why not make it easier by using firewall-cmd!

What Is firewall-cmd & firewalld?

Firewall-cmd is a command-line interface for the firewalld daemon, which communicates with the Linux kernel's netfilter framework. This stack is unlikely to be found on the embedded modems commonly found in small and medium-sized enterprises, but it is present on or available for any Linux distribution that supports systemd.

Firewalld is a dynamically controlled firewall that supports network/firewall zones, which specify the level of trust for network connections or interfaces. It supports IPv4 and IPv6 firewall settings, as well as ethernet bridges and IP sets. Runtime and permanent configuration choices are separated. It also provides an interface via which services or programs may easily add firewall rules.

Configuring the Firewall with firewall-cmd

Depending on your Linux distribution, you may or may not have the firewall-cmd command already installed. Without an operational firewall, firewall-cmd has nothing to control, so the first step is to check that firewalld is running:

$ sudo systemctl enable --now firewalld

Zones are used as presets in firewall-cmd, offering you reasonable options to pick from. This saves you from having to design a firewall from the ground up. Zones are assigned to network interfaces. Run the command below to check your zones:

$ firewall-cmd --list-all-zones

If I wanted to create a new zone, I would use the command:

$ sudo firewall-cmd --new-zone [zonename] --permanent

Additionally, I can use the following commands to check which ports and services are allowed:

$ firewall-cmd --list-services
$ firewall-cmd --list-ports

To check which zones are active, run the command:

$ sudo firewall-cmd --get-active-zones

To add a service and allow connections for that service, you use the --add-service argument as shown below:

$ sudo firewall-cmd --add-service http --permanent

The command above allows the http service to run in the default zone. If you want to specify the zone, you can run:

$ sudo firewall-cmd --zone=public --add-service http --permanent

The command above allows http traffic for the zone "public". To remove a service and block the connection, just remove it as shown below:

$ sudo firewall-cmd --remove-service http --permanent
$ sudo firewall-cmd --reload

Any time you make a change to the firewall using firewall-cmd, make sure to reload all the settings or else the change will not take effect. To check for additional arguments, you can run the command firewall-cmd --help.

Why firewalld & firewall-cmd?

You can do a lot more with firewall-cmd, such as defining your own services, blocking ICMP, and designating sources of allowable incoming traffic. Although not overly suggested for enterprise-level security, firewall-cmd is still an excellent and viable solution for daily users and corporations alike that require a rapid degree of security.

If you're new to Linux security, firewall-cmd is a wonderful way to get started with ipchains and iptables. Firewall-cmd allows you to quickly set up a basic firewall if you already know ipchains. Additionally, the runtime environment is readily modifiable. There is no requirement to restart the daemon or service. It is straightforward for services, programs, and users to modify firewall settings thanks to the firewalld D-Bus interface. This is useful for administrators since it allows for runtime testing and evaluation due to the separation of the runtime and permanent configuration.

Final Thoughts

The only time you'd need a firewall is if you're running some kind of server application on your system most of the time. In this case, a firewall will restrict incoming connections to certain ports, making sure that they can only interact with the proper server application.

Again, there is no harm in not having a firewall activated on your Linux machine. All we are saying is that you should think about implementing a firewall using firewall-cmd for increased security!

Sep 19, 2022 - Brian Gomez
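The separation of runtime and permanent configuration described in the article above means the live rule set and the saved one can drift apart. The following is an added example, not code from the original article: a Python audit that parses two constructed samples of `firewall-cmd --list-all` output (runtime and `--permanent`) and reports settings that would vanish on reload, settings that are saved but not yet live, and anything outside a hypothetical allow-list. The function names, the sample output and the `ALLOWED` policy are assumptions made for illustration.

```python
"""Audit firewalld runtime vs permanent settings (added example)."""

# Constructed sample: output of `firewall-cmd --zone=public --list-all`.
RUNTIME = """\
public (active)
  target: default
  interfaces: eth0
  services: dhcpv6-client http ssh
  ports: 8080/tcp
"""

# Constructed sample: `firewall-cmd --permanent --zone=public --list-all`.
PERMANENT = """\
public
  target: default
  interfaces: eth0
  services: dhcpv6-client https ssh
  ports:
"""

# Hypothetical policy for this host: what it is meant to expose.
ALLOWED = {"services": {"ssh", "https"}, "ports": set()}
AUDITED_KEYS = ("services", "ports")


def parse_list_all(text):
    """Return (zone, {key: set(values)}) for the audited keys."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if not lines:
        raise ValueError("empty firewall-cmd output")
    zone = lines[0].split()[0]  # "public (active)" -> "public"
    settings = {key: set() for key in AUDITED_KEYS}
    for line in lines[1:]:
        key, sep, value = line.strip().partition(":")
        if sep and key in settings:
            settings[key] = set(value.split())
    return zone, settings


def audit(runtime_text, permanent_text, allowed=ALLOWED):
    """Return a list of (finding, key, item) tuples."""
    rzone, live = parse_list_all(runtime_text)
    pzone, saved = parse_list_all(permanent_text)
    if rzone != pzone:
        raise ValueError(f"zone mismatch: {rzone} vs {pzone}")
    findings = []
    for key in AUDITED_KEYS:
        # Live now, but not saved: disappears on --reload or reboot.
        for item in sorted(live[key] - saved[key]):
            findings.append(("runtime-only", key, item))
        # Saved, but not live: takes effect only after --reload.
        for item in sorted(saved[key] - live[key]):
            findings.append(("permanent-only", key, item))
        # Exposed in either view but not in the policy.
        for item in sorted((live[key] | saved[key]) - allowed.get(key, set())):
            findings.append(("not-allowed", key, item))
    return findings


if __name__ == "__main__":
    for finding, key, item in audit(RUNTIME, PERMANENT):
        print(f"{finding:15} {key:9} {item}")
```

On a real host, the two inputs would come from running the two commands named in the comments and passing their output to `audit`.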

Enhancing Network Security With Netfilter's Content-Based Filtering

This article will discuss a very useful but seemingly overlooked functionality of Netfilter, a firewall code widely used in Linux, that provides content matching and filtering capabilities.

This feature is offered as a patch to Netfilter kernel-space code (Linux kernel) and user-space code (iptables). Since version 1.2.7a, it's been made available as a separate package called patch-o-matic.

A traditional network-level firewall can inspect packets based on IP addresses, ports and TCP/IP flags, completely ignoring the content in the payload. Imagine what you can do with a firewall that can inspect more than just headers, looking at the content in the payload of every packet. With that type of firewall, you can easily block malicious worms and viruses that, I believe, are still hitting your machine every minute of the day. More interestingly, there are tools that will convert snort signatures into iptables-aware format (even with hex string support), enabling intrusion prevention in kernel space and stopping the attacks before they occur.

Having said all that, I shall show you how to put things together.

The first thing you need to do is to grab all the required packages:

- Kernel source code which has Netfilter kernel-space code integrated and compatible with the latest Netfilter user-space code (version 2.4.18+). The latest stable version can be downloaded at ( https://mirrors.edge.kernel.org/pub/linux/kernel/v2.4/linux-2.4.21.tar.bz2 )
- Netfilter user-space code, which is now iptables (latest version is 1.2.8), but currently only version 1.2.7a supports the hex string patch ( https://netfilter.org/projects/iptables/files/iptables-1.2.7a.tar.bz2 ), and the corresponding patch-o-matic package ( https://netfilter.org/projects/patch-o-matic-ng/files/patch-o-matic-20030107.tar.bz2 )
- FWSnort, a perl script that will convert most snort rules into iptables rules. Don't forget to also grab the hex string support patch that adds a hex-string capability to libipt_string.c in the iptables source. All of these are available at ( www.cipherdyne.com/fwsnort/ )

Unpack them in an appropriate directory:

[tony@0x90 src]$ tar -jxf linux-2.4.21.tar.bz2
[tony@0x90 src]$ tar -jxf iptables-1.2.7a.tar.bz2
[tony@0x90 src]$ tar -jxf patch-o-matic-20030107.tar.bz2

Apply the libipt_string patch to the iptables source and build the iptables kernel-space and user-space code:

[tony@0x90 src]$ cd iptables-1.2.7a/extensions
[tony@0x90 extensions]$ patch -p1 < libipt_string.c.patch
[tony@0x90 extensions]$ cd ..
[tony@0x90 iptables-1.2.7a]$ make KERNEL_DIR=../linux-2.4.21
[tony@0x90 iptables-1.2.7a]$ sudo make install KERNEL_DIR=../linux-2.4.21

The next step is to apply string match support from the patch-o-matic package. Patch-o-matic is a series of Netfilter add-ons that provide extra functionality to the original Netfilter. It has a nice automated script that allows you to choose which patches you want integrated and checks their dependencies. You should be aware that some patches might not work with one another, so carefully read the comments before you apply any patches. In this case, we will apply only the string-match support patch:

[tony@0x90 src]$ cd patch-o-matic-20030107
[tony@0x90 patch-o-matic-20030107]$ KERNEL_DIR=../linux-2.4.21 ./runme extra
Welcome to Rusty's Patch-o-matic!
Each patch is a new feature: many have minimal impact, some do not.
Almost every one has bugs, so I don't recommend applying them all!
-------------------------------------------------------
Testing... fuzzy.patch NOT APPLIED ( 2 missing files)
The base/fuzzy patch:
Author: Hime Aguiar e Oliveira Jr.
Status: Under development , but works .
This option adds CONFIG_IP_NF_MATCH_FUZZY, which allows you to match packets according to a dynamic profile implemented by means of a simple Fuzzy Logic Controller (FLC) .
Suppported options are:
--upper-limit => Desired upper bound for traffic rate
--lower-limit => Lower bound over which the FLC starts to limit traffic
-----------------------------------------------------------------
Do you want to apply this patch [N/y/t/f/a/r/b/w/v/q/?] N

This patch is not of interest to us, so answer no (N) to go to the next one. Keep going until you find our string-match (-m string --string) patch and answer yes (y) to apply it:

Testing... string.patch NOT APPLIED ( 2 missing files)
The extra/string patch:
Author: Emmanuel Roger
Status: Working, not with kernel 2.4.9
This patch adds CONFIG_IP_NF_MATCH_STRING which allows you to match a string in a whole packet.
THIS PATCH DOES NOT WORK WITH KERNEL 2.4.9 !!!
-----------------------------------------------------------------
Do you want to apply this patch [N/y/t/f/a/r/b/w/v/q/?] y
Testing patch extra/string.patch...
Placed new Config.in line
Placed new Configure.help entry
Placed new Makefile line
Patch extra/string.patch applied cleanly.
Applying patch extra/string.patch...
Patch extra/string.patch applied cleanly.
Placed new Config.in line
Placed new Configure.help entry
Placed new Makefile line
[Press enter to continue]

Now, go back to the directory where you unpacked the kernel source and proceed with the compilation. (If you have compiled your own kernel before, you can just skip reading this section.) Instructions on how to compile and customize your kernel can be read at (https://tldp.org/HOWTO/Kernel-HOWTO.html)

[tony@0x90 linux-2.4.21]$ make mrproper
[tony@0x90 linux-2.4.21]$ make menuconfig
[tony@0x90 linux-2.4.21]$ make dep && make bzImage
[tony@0x90 linux-2.4.21]$ make modules && sudo make modules_install
[tony@0x90 linux-2.4.21]$ sudo cp arch/i386/boot/bzImage /boot/vmlinuz-2.4.21
[tony@0x90 linux-2.4.21]$ sudo mkinitrd -f -v /boot/initrd-2.4.21.img 2.4.21

Finally, we are done with building all the components. Reboot the system and enjoy your new toy. Now let's test this new functionality and use it as an active defense system:

# This rule rejects all incoming mail containing the string "Buy Now", which many people consider
# to be spam
iptables -A INPUT -p tcp --dport 25 -m string --string "Buy Now" -j REJECT --reject-with tcp-reset
# Blocks superscan ping but allows other types of ping
iptables -A INPUT -p icmp --icmp-type 8 -m string --hex-string "|0000000000000000|" -j DROP
# This will reset any connection that attempts to access a shell, which you will find in most exploit code
iptables -A INPUT -p tcp -m string --string "/bin/sh" -j REJECT --reject-with tcp-reset

Let's see if it works. On the server side execute nc -vv -l -p 23, and on the remote host execute:

telnet 10.0.0.1 23
Trying 10.0.0.1
Connected to 10.0.0.1
Escape character is '^]'.
hello
/bin/sh
Connection closed by foreign host.

# Thanks to hex string support, we can now easily block x86 NOOP sleds used in most buffer overflow
# exploits (use this with care, since binary files transferred in e-mail may contain these
# strings and will get dropped!)
iptables -A INPUT -p tcp --dport 22 -m string --hex-string "|90 90 90 90 90 90|" -j DROP
iptables -A INPUT -p tcp --dport 80 -m string --hex-string "|90 90 90 90 90 90|" -j DROP

You can try any buffer overflow exploits and will find that most of them get silently dropped!

Now you begin to have some idea of how to use this new feature as a content-based firewall system, either for your local host or your internal network. The FWSnort script that you downloaded in the beginning now comes into play, as we will use it to convert some snort signatures into iptables rules. First unpack the source and install it:

[tony@0x90 fwsnort-0.1]$ sudo perl install.pl

Edit the configuration file /etc/fwsnort/fwsnort.conf to suit your needs and start the conversion:

[tony@0x90 fwsnort-0.1]$ sudo fwsnort -c /etc/fwsnort/fwsnort.conf --ipt-drop

A converted set of snort rules will be written to /etc/fwsnort/fwsnort.sh in the form of a shell script. Modify it again to suit your needs, and merge it with your existing firewall rules.

One thing you should keep in mind when working with a large iptables rule set is that every time you perform an APPEND or INSERT, iptables will allocate memory and invoke this function every time, resulting in very slow performance. Iptables has a solution to this problem: it provides scripts that will load a large rule set into the kernel very quickly or dump the current rule set from the kernel into an iptables configuration file. So I suggest you first run your firewall script and then save it in iptables format using the command:

iptables-save > /etc/sysconfig/iptables

Then whenever you need to reload the firewall rule set, you simply issue the command iptables-restore, and all rules will be reloaded in a much faster manner.

Up to this point, you may think that if this functionality is so powerful, why doesn't anyone use it as a replacement for snort? Although Netfilter can perform a stateful inspection of content in a packet at the network level, it still lacks advanced capabilities in handling fragmented packets, polymorphic shell codes, traffic normalization, etc. Snort, on the other hand, can perform pattern matching using a much faster algorithm called Boyer-Moore, and supports stateful packet analysis and stream reassembly. If you are interested in using snort as a defense system, there is an ongoing honeypot project that uses a modified version of snort called snort_inline and a special set of firewall rules to achieve a hybrid firewall system.

In conclusion, I would like to comment that intrusion prevention is still at an early stage and there is no out-of-the-box product that will perfectly fit your requirements. Every network has its own culture and usage behavior, and thus needs distinctly unique tuning. Don't simply rely on a single tool, but do correlate data from various sources and use them to understand your network and improve your security infrastructure.

Nawapong Nakjang has been working in the areas of information security, network security and cryptography for several years. His interests include intrusion detection, honeypots, incident investigation, malicious code analysis, computer forensics and penetration testing. Occasionally, he writes security-related articles and answers security questions in mailing lists. He plans to pursue his second degree in Information Security and publish more papers to the security community.

Aug 04, 2003 - Brittany Day
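The article above notes two limits of the string match: binary transfers that happen to contain the bytes get dropped, and the match works on individual packets while Snort reassembles streams. The following is an added example, not code from the original article or from Netfilter: a Python model of the `|..|` hex pattern syntax used in the rules above, applied to constructed payloads so a rule author can see both effects before deploying a rule. The function names and all payloads are assumptions made for illustration.

```python
"""Model of the string-match pattern syntax and its per-packet scope (added example)."""


def parse_hex_string(pattern):
    """Convert a pattern such as '|90 90|' or 'GET |0d 0a|' to bytes.

    Text between a pair of '|' is hex (spaces optional); text outside is
    literal ASCII. Raises ValueError on an unbalanced '|' or bad hex.
    """
    parts = pattern.split("|")
    if len(parts) % 2 == 0:
        raise ValueError("unbalanced '|' in pattern")
    out = bytearray()
    for index, part in enumerate(parts):
        if index % 2 == 1:
            out += bytes.fromhex(part)
        else:
            out += part.encode("ascii")
    return bytes(out)


def check_stream(pattern, payloads):
    """Compare a per-packet match with a match on the reassembled stream.

    payloads: list of packet payloads (bytes) in arrival order.
    Returns the packet indexes the per-packet rule would hit, whether the
    pattern is present in the concatenated stream, and whether the
    per-packet rule misses a pattern that the stream contains.
    """
    needle = parse_hex_string(pattern)
    if not needle:
        raise ValueError("empty pattern")
    hits = [i for i, data in enumerate(payloads) if needle in data]
    in_stream = needle in b"".join(payloads)
    return {"per_packet": hits, "stream": in_stream,
            "missed": in_stream and not hits}


# Constructed payloads, modelled on the telnet test in the article.
WHOLE = [b"hello\r\n", b"/bin/sh\r\n"]
# Constructed: the same bytes, but segmented so the string spans two packets.
SPLIT = [b"hello /bi", b"n/sh\r\n"]
# Constructed: a chunk of a harmless binary file with 0x90 padding bytes.
BINARY = [b"MZ\x00\x00" + b"\x90" * 8 + b"\xc3"]

NOP_RULE = "|90 90 90 90 90 90|"

if __name__ == "__main__":
    print("whole :", check_stream("/bin/sh", WHOLE))
    print("split :", check_stream("/bin/sh", SPLIT))
    print("binary:", check_stream(NOP_RULE, BINARY))
```

The `BINARY` case is the false positive the article cautions about, and the `SPLIT` case is why the article points to stream reassembly rather than relying on these rules alone.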

Iptables Tutorial Insights From Oskar Andreasson on Linux Security

Oskar Andreasson speaks with LinuxSecurity.com about his comprehensive IP Tables tutorial and how this document can be used to build a robust firewall for your organization.

Recently I had an opportunity to speak with Oskar Andreasson, author of the Linux IP Tables Tutorial. Oskar announces his documents after spending the last several months writing and researching the information necessary to provide a Linux administrator with the information necessary to secure his Linux box. In his document, he discusses such topics as the basics of configuring the kernel, configuring Red Hat to prepare for using IP Tables, a basic description of the iptables command, a number of great firewall examples, and more.

LinuxSecurity.com: Why did you decide to write the iptables reference?

Oskar Andreasson: When I started using Linux 2.4 I noticed a huge black hole in the documentation for the netfilter code and how to use it. Sure, there were the howtos written by Rusty Russell and the man page. There was no documentation at all describing how to get started, nor were there any examples available. During the time, I was also doing a lot of "work" for our site writing news and so on. I have always been proposing more material of our own on the BoingWorld site and since I found an area that I thought needed more/better documentation, I started writing. After some 1-2 months I had the first version of the tutorial published. It was quite small, only 20-30 pages or so, and didn't cover all the intricacies of iptables, and the more I used iptables and tested it, the more things I found that needed documentation. In other words, I continued writing on the tutorial, and today it is much larger and contains much more information, to say the least.

LinuxSecurity.com: Who are your target audience and why?

Oskar Andreasson: Tricky question, I don't know really. At the beginning it was mainly aimed at the beginners and novices of iptables who had a little bit of experience with TCP/IP networking as well as Linux basics. I still think the tutorial is aimed at those, but it contains more information today about the advanced functions of netfilter and iptables so it might be fairly well suited for the advanced users as well who might find some interesting reads in the tutorial. Of course, the tutorial also aims at the security interested people out there and anyone who might be interested in setting up a local network with Internet access.

LinuxSecurity.com: How did you get started with Linux and security?

Oskar Andreasson: Computer security has always intrigued me ever since I started using a PC for the first time around 1992 or so. Previously, I had used Amigas since I was 7-8 years old. In those days (Amiga days), it was mainly viruses I found interest in. Later on I got an Internet connection and got more and more interested in network security and, to be honest, different kinds of exploits, DoS attacks and spoofing. However, I was locked to a 486 50 MHz jar with 8 Megs of ram at the time and had no other OS than Windows 3.11 and MS-DOS 6.2. It was not until 93-94 or so that I started seeing Linux around and tested it. At the beginning, I can't say I liked it. The first time around I never got it to install at all. The second time around, "it" crashed my monitor (OK, I had to blame something, didn't I) and I had to get another monitor out on the warranty. After that it took a year or so until I tried getting Linux to run again, and by that time it had evolved incredibly (I could get it to install, isn't that evolution?). By that time, I went up to the second or third step on the ladder to becoming a "Linux Guru" (I got saved from the Windows hell and started preaching), and I think I'm still stuck somewhere around there.

LinuxSecurity.com: What are your future plans for the iptables reference?

Oskar Andreasson: Currently there are quite a lot of plans. As I said before, the more I write, the more I find that I want to write about. This constitutes a small problem since I only have so many hours to write. As it looks now, I want to finish the chapter about how a rule is written, and then I want to add a chapter about the state machine. After this I need to go through the explanation of the rc.firewall.txt script again since the actual script has changed quite a lot but I haven't had the time to update the text describing the script. Then there is a request by some people that want to know how to make a transparent http proxy with iptables and squid. I know the last has already been described by the squid documentation, so it is not high priority right now, however I feel that it should at least be mentioned.

One of the long-term goals of this project is actually to print a book of the whole tutorial and sell to the readers who liked the tutorial. This would not change the fact that the tutorial will be available on the Internet, it will always be. This would more or less be a way for me to get some money from the project, and a way for those who have read and liked it to actually contribute to what I have written and to show that they support me. Of course, I would have to see what kind of support I have among the readers/visitors for doing this before actually printing it. I hope that there will be at least 200 persons or so willing to buy the printed version for a reasonable price. If so, I think it's worth printing a series. If not, well, it would be sad if not even 200 persons liked it enough to actually buy it.

LinuxSecurity.com: What are some of the major pitfalls Linux Administrators fall into? How can your iptables reference help to avoid these problems?

Oskar Andreasson: One of the main problems of Linux today is, in my way of seeing things, that there is a huge lack of documentation, especially when you start digging into the deeper aspects of Linux. Also, some commands and functions are clearly not documented enough. One example would be iptables in the beginning, by today there is a vast amount of documentation and different introductions et cetera. Another example that I have noticed is the iproute2 package, which in my way of seeing things is one of the most complex and hardest to understand packages for Linux that is available today.

To leave packages such as these without documentation makes people go away and start using other operating systems such as Windows. To leave these extremely powerful parts of Linux undocumented should almost be criminal, it is horrendous to see these parts undocumented. Sure, there are a lot of pieces of information available out there, but a lot of it raises more questions than they answer.

My answer to the first question would, hence, be that they might make errors due to a lack of documentation. These errors might be unknown to the Linux administrator for a long time and, in the long run, they may notice the error too late. For example, after the hacker/cracker found the erroneous set-up and exploited it.

What I hope that this tutorial does, is that it gives people new knowledge about the Linux firewalling possibilities, how they work, and a general knowledge of how to set it up properly. I hope that the iptables-tutorial gives Linux administrators the possibility to easily learn about netfilter and iptables and in an as complete document as possible.

LinuxSecurity.com: What do you feel is the most common Linux system vulnerability? What can be done to prevent this?

Oskar Andreasson: I don't think there is a single most common Linux system vulnerability, and it will definitely not stop a determined attacker. If you have fixed the most common vulnerability and someone is determined to get into your host, then you can be certain that the attacker will leave the second most common vulnerability out, or the third for that matter.

However, good security practices on a server include installing only the absolutely necessary packages. For example, if a box is supposed to run as only a DNS and HTTP server, well keep it to the A, N and D Slackware packages, and do the expert installation and select which packages you want exactly. For Red Hat, do the same thing: select the installed packages. When finally installed, erase everything not needed, including the man reader. All you really should need is a text editor, HTTP, SSH server, DNS, login programs and all the standard ls, cd commands etc. The fewer packages we have to keep up to date, the less work to maintain and to keep it up and running.

After this, it is all a matter of keeping those few packages you have installed up to date. Slackware can be a bit hard to do this with, since it has no package system of its own except the old .tgz packages and installer, and there is no real "errata" site for it to my knowledge. Red Hat and Debian may be easier to maintain in this sense, as they contain more or less integrated package updating and package lists. On the other side, this may be a bad thing for the really hard working administrator who wants to keep his packages up to date by hand, and who does it faster than Red Hat and Debian, for example, update their packages.

Also, a nice firewall will always be handy when it comes to security. Iptables is an excellent choice when it comes to this, though it takes a lot of work to get it up and running in comparison to some Windows firewalls (BlackIce Defender, etc.), it is extremely versatile and can do pretty much whatever you want to. However, a firewall is never near good enough based on only a packet filtering mechanism. I would suggest at least installing a NIDS (i.e., snort) and an IDS (i.e., tripwire) on the same box. At the top of that, if you're really security conscious, I'd suggest using kernel security patches and such.

LinuxSecurity.com: Do you believe the open source nature of Linux provides a superior vehicle to making security vulnerabilities easier to spot and fix?

Oskar Andreasson: I most definitely think so. Open source gives everyone the chance to look at the source code, and it becomes easier to spot errors for a third party, and hence report to the producer. A person using an open source product is more likely to actually look at the code and to try and fix the problem, and then send the bug over to the developer, in my own experience. Of course, there are those who don't report the bugs, and instead start using it to their own advantage (for example, hack sites with the bug and so on). However, the percentage of users doing the latter is a dwindling small amount of people, I think.

Closed source on the other hand is harder to debug for a third party, and if you really do find a bug, you are more likely to just throw the bug on the crap pile and hope for it to be fixed in the next release, they don't feel anything in common for the actual development of the product nor do they actually have a good reason for telling the developers about the bug. In open source, you can have the problem fixed within 3 minutes by yourself and have a bug report sent away and how to fix it, in closed source, you find a bug, send a bug report and then sit down and wait for 2-6 weeks before anything happens. Finally, you get a reply that this is not a bug; this is a feature(TM) (strangely enough removed in the next version of the program).

LinuxSecurity.com: Are there other documents you have written that you think might be beneficial to the Linux and open source security communities?

Oskar Andreasson: Yes, I think there are. I have currently written an online course about Linux and Unix for a company called Libendo. This is about the same size as the iptables tutorial, but is elementary and guides a total new user to Linux through their first experience. This is one of the more peculiar basic documents written about Linux, I believe, since it is 100% based on the shell, and there is more or less no graphical user interface used throughout the whole course. I believe that this course may actually hold a lot of interest even for the Linux zealots out there who may not have a lot of experience with the console of Linux. If there are any Swedish speaking people, I suggest them to check out in a couple of months when this course goes online.

I have also started another project on my spare time, to document the iproute2 package and its uses. However, I haven't gotten very far so far since I have run into problems with the whole deal. Anyway, my aim with this documentation is to get more people to understand the extremely advanced routing functionalities that really are part of Linux. Some good examples of what this document will contain are explanations on how the ip command works and the syntax, how all the different options and flags to the command are used and information on how each "subcommand" works. I haven't put a lot of time into this project so far, mainly because I want to finish up a lot of loose ends with the iptables tutorial before walking into another huge project. I think that this project will look a lot like the iptables tutorial when it gets going, especially in writing style and how it will be built up with a lot of examples among other things. However, I don't plan to get this project really moving until the iptables tutorial has stabilized, in perhaps 2-3 months.

LinuxSecurity.com: Is there something the community can do to assist you with writing and maintaining your security research?

Oskar Andreasson: There is actually something people could do to contribute to this tutorial. I am in an extreme need for a lab network at the moment since I lost the main part of it when I moved 5-6 months ago. At the moment of writing this, I have only two computers available, one Pentium 200 MHz MMX and one Pentium 120 MHz laptop. If anyone living in Sweden (Stockholm) knows about a party of 4-5 computers of any type that some company or private person is willing to give away, either as junk, or just as a contribution, I will owe them extremely much. Any kind of computer would suffice, even Pentiums at the moment, as long as I can have a few network cards with them (9 or so, but less would suffice too). My private budget would not in any way make this possible at this stage, and to be able to finish both the iptables tutorial, and the iproute2 tutorial this would be more or less necessary.

LinuxSecurity.com: Oskar, thanks much for your time, and we look forward to reading your future Linux security documents.

Nov 27, 2001 - Brittany Day