From owner-freebsd-questions  Mon Oct 25  7: 3:35 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from Samizdat.uucom.com (samizdat.uucom.com [198.202.217.54])
	by hub.freebsd.org (Postfix) with ESMTP id 1CD2D14CA5
	for <freebsd-questions@FreeBSD.ORG>; Mon, 25 Oct 1999 07:03:32 -0700 (PDT)
	(envelope-from cshenton@uucom.com)
Received: (from cshenton@localhost)
	by Samizdat.uucom.com (8.9.3/8.9.3) id KAA26636;
	Mon, 25 Oct 1999 10:03:26 -0400 (EDT)
To: John <papalia@UDel.Edu>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: O'reilly & firewalls - outdated?
References: <4.1.19991025001028.0093b100@unix01.voicenet.com>
User-Agent: SEMI/1.13.3 (Komaiko) FLIM/1.12.5 (Hirahata) Emacs/20.3 (i386-pc-solaris2.7) MULE/4.0 (HANANOEN)
MIME-Version: 1.0 (generated by SEMI 1.13.3 - "Komaiko")
Content-Type: text/plain; charset=US-ASCII
From: Chris Shenton <cshenton@uucom.com>
Date: 25 Oct 1999 10:03:26 -0400
In-Reply-To: John's message of "Mon, 25 Oct 1999 00:12:40 -0400"
Message-ID: <lf66zv8rm9.fsf@Samizdat.uucom.com>
Lines: 25
X-Mailer: Gnus v5.6.45/Emacs 20.3
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Mon, 25 Oct 1999 00:12:40 -0400, John <papalia@UDel.Edu> said:

John> Hey all... I was looking at buying O'Reilly's "Building Internet
John> Firewalls" since it appears to be a highly recommended book by
John> both users as well as /etc/rc.firewall :)

John> I was wondering though - it was published Sept 1995... has
John> anything changed that much to make it outdated at this point?
John> Simply put I'm looking for a reference to provide some good
John> (great?) guidance for configuring IPFW and for understanding
John> what's going on.

The concepts are still valid, the principles remain the same. There
seems to be a shift from the  use of plugs/proxies to stateful packet
filters and NAT but that's implementation details. It's the best book
I've seen for hands-on understanding of firewalls.

But it's not going to be a direct guide to how to config a certain
package like IPFW, IPF, Cisco ACLs, TIS FWTK, etc. That's a good thing
-- learn the concepts, the figure out what syntax you need for the
package you've chosen. 

Learning the concepts first also helps you to evaluate which products
(or combinations of products) you'd prefer to implement, like FWTK,
NAT, IPF/IPFW, etc.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message