An Introduction to Effective IPTables Firewall Design
by Joe Doupnik

 

The subject of constructing rules for IPtables can be daunting, and often we are not thoroughly convinced about which rules are operating. This course has two primary goals: first, to make rule syntax and packet flow easily understood, and second, to create rule sets which are based on sound thinking and natural language. The result will be rule sets which are small, easily understood at a glance, free of hidden exposures, and highly effective.

The second goal is the most important for us. We will first explore the mental guidelines for any filter, to ensure that our thinking is clear and accurate. Then we convert these notions into IPtables rules, a matter which will turn out to be easy. From that firm base we explore a few optional elaborations such as adding NAT support, very localized rules (say per subnet) and intruder blocking.

We do not explore all the nooks and crannies available with IPtables. Instead we focus on the job at hand: solid rule sets for servers and clients. The results replace vendor firewalls.

The course consists of discussion, slides and live demonstration by the instructor.

Interaction is encouraged.

This course will be delivered twice each day, once starting at 9am UK time and again at 6pm UK time for the USA-based audience.

The cost of the course will be £85 for EMEA-based delegates and $125 for USA delegates. The course will be delivered to your desktop using Elluminate, details of which will be sent a few days before the course.