Netfilter, firewall, Iptables, Ipchains, DoS, DDoS

Hi, I found this reference information for people who want to get rich knowledge about sysadmin. (Part 2)

Part1 - Basics, important sites, HOWTO's, handbooks, hardening, tips
Part2 - Netfilter, firewall, Iptables, Ipchains, DoS, DDoS
Part3 - Intrusion detection, integrity checks: IDS, NIDS, HIDS, Antivirus, software
Part4 - Chroot, chrooting, jailing, compartmentalization
Part5 - Forensics, recovery, undelete
Part6 - Securing networked services

Part2 - Netfilter, firewall, Iptables, Ipchains, DoS, DDoS

*Please note the easiest way to troubleshoot Netfilter-related problems is to add log (target) rules before any "decision" in a chain.
** Please note there's a LOT of firewall scripts on LQ: just search the Linux - Security and Linux - networking fora please.

LQ search, iptables+howto:
IPTables Tutorial: http://iptables-tutorial.frozentux.n...-tutorial.html
IPSysctl Tutorial: http://ipsysctl-tutorial.frozentux.n...-tutorial.html
Packetfiltering HOWTO:
Iptables tutorial:
Iptables Connection tracking:
Taking care of the New-not-SYN vulnerability:

TLDP Ipchains HOWTO:
Ipchains HOWTO:

Web-browsers, mail clients, FTP clients, IM, P2P ports database for building your own rules:

Other resources/misc stuff
Basic introduction to building ipchains rules:
Explanation of the Ipchains logformat:
Ipchains log decoder:
Basics on firewalling:
CERT: Home Network Security:
Firewall FAQ:
Assigned ports > 1024:
Port designations:
Firewall Forensics FAQ (What am I seeing?):
Linux Firewall and Security Site:
Auditing Your Firewall Setup (old, still useful):
TLDP: Firewall Piercing mini-HOWTO:
Something called the "Home PC Firewall Guide":
Vendor/Ethernet MAC Address Lookup:
Netfilter Iptables/Ipchains Log Format:
Dshield (find out if IP was marked as used in attacks):
Port search (Snort):
Neohapsis Port search:
P2P ports (IPMasq):
Is "Stealth" important?:
Infosyssec's Firewall Security and the Internet (badly updated site):

Webbased portscan services:

DoS info
Hardening the TCP/IP stack to SYN attacks:
SANS, Help Defeat Denial of Service Attacks: Step-by-Step:
SANS, ICMP Attacks Illustrated:
CERT, Denial of Service Attacks:
NWC, Fireproofing Against DoS Attacks (forms of):

DDoS info
SANS, Consensus Roadmap for Defeating Distributed Denial of Service Attacks:
SANS, Spoofed IP Address Distributed Denial of Service Attacks: Defense-in-Depth:
SANS, Understanding DDOS Attack, Tools and Free Anti-tools with Recommendation:
SANS, Minimizing the Effects of DoS Attacks:
CISCO, Strategies to Protect Against Distributed Denial of Service (DDoS) Attacks:
Dave Dittrich's references:
Xinetd Sensors:
Xinetd FAQ:

Original Source: