[RndTbl] Main firewall / router for public facing subnet

Trevor Cordes trevor at tecnopolis.ca
Tue Mar 31 00:59:51 CDT 2020


On 2020-03-31 Alberto Abrao wrote:
> I must make it clear that I don't expect anyone to walk me through
> it, hold my hand or anything. Some recommended reading would be all
> it takes, even if it's a monster tome. And I can't think of a better
> place to ask for this than here, otherwise I will have tons of people
> selling me Cisco stuff or whatever.

That's a great question.  I wish I could refer you to a great tome
(especially an O'Reilly book!) that would give the bird's-eye view of
how you achieve your goals.  Alas, even though I have 250 print ORM /
NSP / Wiley books, none I've ever seen fits that bill.

If I think back to how I learned this type of stuff (besides my
University network course, which was like an ISS-level view) it was
basically reading iptables and tc man pages and looking at netfilter
packet flow charts (some very good ones out there!) and then just
tinkering.

There is a NSP "Linux Firewalls" book (just won at the last meeting,
unfortunately) which gives a decent intro to iptables, but is fairly
dated and mostly focuses on an obscure packet monitoring program the
author wrote, which probably isn't used much anymore.  Not useful for
what you are doing.

I'm sure you'll find some pfsense books, but I bet there's not much for
the DIYer who wants to roll their own (regardless of OS).  Hopefully
someone can prove me wrong!

The funny thing is, in the end you'll spend hours/days figuring out a
new tool or kernel feature only to write a handful of lines in a script
or config file somewhere that does what you want.  But then it's yours
forever (in many ways)!