Linux Firewalls: Attack Detection and Response with iptables, psad, and fwsnort

Chapter 5. Firewall Optimization

Chapter 4, "Building and Installing a Standalone Firewall," used the iptables firewall administration program to build a simple, single-system, custom-designed firewall. This chapter introduces firewall optimization. Optimization can be divided into three major categories: rule organization, use of the state module, and user-defined chains. The example in the preceding chapter was shown both with and without the use of the state module. This chapter focuses on rule organization and user-defined chains.