Here is a list of links to resources and where I have gotten information
from, etc :
ip-sysctl.txt - from the 2.4.14 kernel. A
little bit short but a good reference for the IP networking controls and what
they do to the kernel.
RFC 768 - User Datagram Protocol - This is the
official RFC describing how the UDP protocol should be used, in detail, and all
of it's headers.
RFC 791 - Internet Protocol - The IP specification
as still used on the Internet, with additions and updates. The basic is still
the same for IPv4.
RFC 792 - Internet Control Message Protocol -
The definitive resource for all information about ICMP packets. Whatever
technical information you need about the ICMP protocol, this is where you
should turn first. Written by J. Postel.
RFC 793 - Transmission Control Protocol - This is the
original resource on how TCP should behave on all hosts. This document has been
the standard on how TCP should work since 1981 and forward. Extremely technical,
but a must read for anyone who wants to learn TCP in every detail. This was
originally a Department of Defense standard written by J. Postel.
RFC 1122 - Requirements for Internet Hosts - Communication
Layers - This RFC defines the requirements of the software running on
a Internet host, specifically the communication layers.
RFC 1349 - Type of Service in the Internet Protocol
Suite - RFC describing some changes and clarifications of the TOS
field in the IP header.
RFC 2401 - Security Architecture for the Internet
Protocol - This is an RFC talking about the IPSEC implementation and
standardisation. Well worth reading if you are working with IPSEC.
RFC 2474 - Definition of the Differentiated Services Field
(DS Field) in the IPv4 and IPv6 Headers - In this document you will
find out how the DiffServ works, and you will find much needed information
about the TCP/IP protocol additions/changes needed for the DiffServ protocol
RFC 2638 - A Two-bit Differentiated Services Architecture
for the Internet - This RFC describes a method of implementing two
different differentiated service architecture into one. Both where described
originally by D. Clark and van Jacobsen at the Munich IETH meeting 1997.
RFC 3168 - The Addition of Explicit Congestion Notification
(ECN) to IP - This RFC defines how ECN is to be used on a technical
level and how it should be implemented in the TCP and IP protocols. Written by
K. Ramakrishnan, S. Floyd and D. Black.
RFC 3260 - New Terminology and Clarifications for
Diffserv - This memo captures Diffserv working group agreements
concerning new and improved terminology, and provides minor technical
ip_dynaddr.txt - from the 2.4.14 kernel. A really short
reference to the ip_dynaddr settings available via sysctl and the proc
iptables.8 - The iptables 1.3.1 man page. This is an HTMLized
version of the man page which is an excellent reference when reading/writing
iptables rule-sets. Always have it at hand.
tutorial - Another tutorial I have written about the IP System Control
in Linux. A try to make a complete listing of all the IP variables that can be
set on the fly in Linux.
Using Linux - This is an excellent book that has now been opened up on
the Internet regarding Policy routing in Linux. It is well written and most
definitely worth buying. Written by Matthew G. Marsh.
Firewall rules table - A small PDF document gracefully given to this
project by Stuart Clark, which gives a reference form where you can write all of
the information needed for your firewall, in a simple manner.
- The official Netfilter and iptables
site. It is a must for everyone wanting to set up iptables
and Netfilter in linux.
- Nmap is one of the best, and most known, port scanners available. It
is very useful when debugging your firewall scripts. Take a closer look at it.
- The official Netfilter Frequently Asked
Questions. Also a good place to start at when wondering what
iptables and Netfilter is about.
- Rusty Russells Unreliable Guide to packet filtering. Excellent documentation
about basic packet filtering with iptables written by one of
the core developers of iptables and
- Rusty Russells Unreliable Guide to Network Address Translation. Excellent
documentation about Network Address Translation in
iptables and Netfilter written by one of
the core developers, Rusty Russell.
- Rusty Russells Unreliable Netfilter Hacking HOW-TO. One of the few
documentations on how to write code in the Netfilter and
iptables user-space and kernel space code-base. This was also
written by Rusty Russell.
- Excellent link-page with links to most of the pages on the Internet
about iptables and Netfilter. Also
maintains a list of iptables scripts for
Implementing Quality of Service Policies with DSCP
- A link about the cisco implementation of DSCP. This shows some classes used in
DSCP, and so on.
IPSEC Howto - This is the official IPSEC howto
for Linux 2.6 kernels. It describes how IPSEC works in the 2.6 kernels and up,
however, it is not the place to find out exactly how the Linux 2.2 and 2.4
kernels worked when it comes to IPSEC. Go to the FreeS/WAN site for that information.
FreeS/WAN - This is the official site for FreeS/WAN,
an IPSEC implementation for the Linux 2.2 and 2.4 kernel series. This site
contains documentation and all necessary downloads for the IPSEC implementation.
This effort has been discontinued due to several reasons discussed on the page,
but efforts will still be put into bugfixes, documentation and the forums. For
an IPSEC implementation for Linux 2.6 kernels, please look at the IPSEC Howto site and the
.html -Excellent discussion on automatic hardening of
iptables and how to make small changes that will make your
computer automatically add hostile sites to a special ban list in
/etc/protocols - An example
protocols file taken from the Slackware distribution. This can be used to find out
what protocol number different protocols have, such as the IP, ICMP or TCP
/etc/services - An example
services file taken from the Slackware distribution. This is extremely good to
get used to reading once in a while, specifically if you want to get a basic look
at what protocols runs on different ports.
Numbers Authority - The IANA is the organisation that is responsible for
fixing all numbers in the different protocols in an orderly fashion. If anyone
has a specific addition to make to a protocol (for example, adding a new TCP
option), they need to contact the IANA, which will assign the numbers requested.
In other words, extremely important site to keep an eye on.
RFC-editor.org - This is an excellent site for
finding RFC documents in a fast and orderly way. Functions for searching RFC
documents, and general information about the RFC community (I.e., errata, news,
Internet Engineering Task
Force - This is one of the biggest groups when it comes to setting and
maintaining Internet standards. They are the ones maintaining the RFC
repository, and consist of a large group of companies and individuals that work
together to ensure the interoperability of the Internet.
Linux Advanced Routing
and Traffic Control HOW-TO - This site hosts the Linux
Advanced Routing and Traffic Control HOWTO. It is one of the biggest and best
documents regarding Linux advanced routing. Maintained by Bert Hubert.
Linux Kernel patches - A site containing all of the kernel patches
written by Matthew G. Marsh. Among others, the FTOS patch is available here.
ULOGD project page - The homepage of the ULOGD
The Linux Documentation Project
is a great site for documentation. Most big documents for Linux is available
here, and if not in the TLDP, you will have to search the net very
carefully. If there is anything you want to know more about, check this site
Snort - this is
an excellent open source "network intrusion detection system" (NIDS) which looks
for signatures in the packets that it sees, and if it sees a signature of some
kind of attack or break-in it can do different actions that can be defined
(notifying the administrator, or take action, or simply logging it).
tripwire is an excellent security tool which can be used to find out about
host intrusions. It makes checksums of all the files specified in a
configuration file, and then it tells the administrator about any files that has
been tampered with in an illegit way every time it is run.
Squid - This is
one of the most known webproxies available on the market. It is open source, and
free. It can do several of the filtering tasks that should be done before the
traffic actually hits your webserver, as well as doing the standard webcaching
functions for your networks.
https://kalamazoolinux.org/presentations/20010417/conntrack.html - This
presentation contains an excellent explanation of the conntrack modules and
their work in Netfilter. If you are interested in more documentation on
conntrack, this is a "must read".
Excellent information about the CBQ,
tc and the ip commands in Linux. One of
the few sites that has any information at all about these programs. Maintained
by Stef Coene.
ailman/listinfo/netfilter- The official Netfilter mailing-list.
Extremely useful in case you have questions about something not covered in this
document or any of the other links here.