...making Linux just a little more fun!

<-- prev | next -->

Configuring IPCop Firewalls (Book Review)

By Ben Okopnik

CIF.RVW 20070116
%A   Barrie Dempster
%A   James Eaton-Lee
%C	 Birmingham, UK
%D   Sep 2006
%G   1-904811-36-1
%I   PACKT Publishing
%O   http://www.packtpub.com/ipcop/book
%P   228 pages
%T   "Configuring IPCop Firewalls/Closing Borders with Open Source"


Perhaps it's just my strong editorial preferences - or maybe my somewhat naive expectation that technical material will be edited for accuracy - but this book managed to hit the bottom of my personal rating system with a solid "THUNK" in the first couple of pages. Misspellings, a clear absence of post-production review (e.g., "At least one Network Interface Card NIC is required..."), endless errors of basic grammar and diction, confusion in the usage of conventions that are defined in the book's own preface - all these added up to a nearly-instant impression of second-rate, amateur publishing. (The "Errata" section was particularly amusing, stating as it does that any errors reported will "save other readers from frustration"; the implementation of this would be fascinating, since it would require the ability to reverse the flow of time.) Although I was still willing to be convinced (after all, the preface may have been copied from boilerplate), the problems remained and grew in scope as the book went on.

It is possible the authors are experts in networking and firewall configuration; I'm willing to give them the benefit of the doubt. If so, that fact would be impossible to divine from this book: the statements made about networking in general are often near-quotations of textbook material that are only peripherally applicable to the subject at hand, and are occasionally incorrect, outdated, or made with an obvious lack of understanding of the underlying issues.

As a consultant and a professional technical instructor, I have on occasion been required to teach in situations where I knew the student materials to be poorly written. At those times, I advised the students to arm themselves with pens - preferably red ones - and had them correct the errors in the book as we worked through it. In retrospect, I believe that those students learned more (and had a lot more fun in the process) than the ones who had excellent materials from the start. Perhaps this book would make an excellent foil for that sort of usage, as long as it is taught by a competent professional with a sharp eye for errors - but for a new user who is unfamiliar with the actual details of networking, this book would be a poor start indeed.

"If you learn it right, you'll do it right the rest of your life. If you
learn it wrong, you'll do it wrong and spend the rest of your life trying
to learn to do it right."
 -- Sgt. Steve Prazenka

Although I'm sure that Hack's old platoon sergeant never read this book, his oft-stated dictum applies in full here. This is not a book for those who want to learn it right.

Diving In Head-First

In the first chapter - in theory, the chapter that introduces firewalls and the basic concepts of networking - the second paragraph contains a statement that runs as follows:

Don't worry if you don't understand all of the concepts we discuss -
equally, readers more comfortable with networking concepts should be able
to skip ahead. IPCop makes explicit understanding of many of these concepts
irrelevant, as it attempts to make administration simple and automated
wherever possible."

I agree with the above in principle: the readers who are comfortable with networking concepts should skip ahead - unless they want entertainment. Readers who are not comfortable with networking concepts should also skip ahead - all the way to the end of the book. Then they should skip over to their computer, and thence to http://www.ipcop.org/ where they can click on the "Docs" tab - an excellent, detailed series of documents written in plain English and addressing the specific issues and questions of dealing relevant to IPCop. They'll have an easier time reading the material, a better chance of understanding the concepts, and waste less time on non-pertinent issues.

The Other Bits

The rest of the book is of much the same quality as the above, and consists essentially of installation and configuration instructions without - as far as I can tell - any expansion on or amplification of the material available on the IPCop.org site. In all truth, a recap of the included material would be tedious and would serve no one; consequently, you won't find it here.

Just for contrast, by the way: I spent about 10 minutes poking around in the "Docs" section of the IPCop site, and was uniformly impressed with everything I saw; when it came to this book, I was disillusioned within 2 minutes and became progressively more disappointed over the (approximately) 90 minutes that I spent conscientiously poring over its tortuous byways and blind alleys.

In short, I wish I had my 90 minutes back.


I can say, with a clear heart, that I had no axe to grind as I went about doing this review; the opposite, if anything. Kshipra Singh, the representative of PACKT Publishing who contacted me, was most friendly and cooperative, the book was in my hands very quickly after he offered to send it to me for review, and the graphical design of the book cover is quite nice. The end result, however, has caused me to underscore, in my mind, the old truism: the Open Source community, at its best, performs far better work than its commercial competitors. The contrast - as in this case - can be glaringly obvious.

Talkback: Discuss this article with The Answer Gang


Ben is the Editor-in-Chief for Linux Gazette and a member of The Answer Gang.

Ben was born in Moscow, Russia in 1962. He became interested in electricity at the tender age of six, promptly demonstrated it by sticking a fork into a socket and starting a fire, and has been falling down technological mineshafts ever since. He has been working with computers since the Elder Days, when they had to be built by soldering parts onto printed circuit boards and programs had to fit into 4k of memory. He would gladly pay good money to any psychologist who can cure him of the recurrent nightmares.

His subsequent experiences include creating software in nearly a dozen languages, network and database maintenance during the approach of a hurricane, and writing articles for publications ranging from sailing magazines to technological journals. After a seven-year Atlantic/Caribbean cruise under sail and passages up and down the East coast of the US, he is currently anchored in St. Augustine, Florida. He works as a technical instructor for Sun Microsystems and a private Open Source consultant/Web developer. His current set of hobbies includes flying, yoga, martial arts, motorcycles, writing, and Roman history; his Palm Pilot is crammed full of alarms, many of which contain exclamation points.

He has been working with Linux since 1997, and credits it with his complete loss of interest in waging nuclear warfare on parts of the Pacific Northwest.

Copyright © 2007, Ben Okopnik. Released under the Open Publication License unless otherwise noted in the body of the article. Linux Gazette is not produced, sponsored, or endorsed by its prior host, SSC, Inc.

Published in Issue 135 of Linux Gazette, February 2007

<-- prev | next -->