Summary

This chapter focused on ways for you to gain information from your firewall and take action. You read about ways that you can make your firewall aware of port scans, and enhance its reporting and blocking capacity.

It is vital that you make it as easy as possible to read your firewall log files and respond to new threats. Although the premier reason to create a firewall is to selectively allow traffic in and out of a network, the second most important benefit of a firewall is its ability to log traffic. In this chapter, you learned how to test your firewall by conducting limited attacks against it. You also learned how to remain informed concerning scanning attacks and others designed to crash your firewall. You now have the tools and skills required to receive automatic alerts, and have your firewall automatically drop connections to scanning hosts.

It is vital that you maintain your firewall, and with the tools presented in this chapter, you can gather the information required to maintain it intelligently. You now can receive informative alerts, and comprehensive information concerning your firewall. In regard to logging, both firelogd and fwlogwatch can be used together to create a comprehensive information system. Of course, new tools are being developed all the time, and you should work to remain informed about new projects, as well as updates to the tools presented in this chapter.