I understand the basics and have put a halt to p2p 'file-sharing', blocked URLs that the bosses don't want and set up the firewall (Juniper NetScreen 5GT) to block many things on its default list of bad things, but there are many things I'm not really clear on.

The logs are full of crit events like:
fragmented traffic, large ICMP packets, Teardrop attack, IP flood, and so on


Well, the best thing I can say is: get this book: [link|http://www.amazon.com/gp/product/0735710996|Linux Firewalls by Robert Ziegler]. Best book I have read on the subject. Of course, this is me saying this.

There are other things you need to look at; rule order typically makes a huge difference.


Also, here is a concise page that helps out a lot, explaining much of the "syn flood", fragmentation, etc.

[link|http://www.ipcortex.co.uk/wp/fw.rhtm|What a firewall does, in general terms]

Another one from howstuffworks.com is: [link|http://computer.howstuffworks.com/firewall.htm|How Firewalls Work]



One last thing, Matt LaPlante wrote a pretty good step-by-step using Debian Linux.

[link|http://www.cyberdogtech.com/firewalls/|Custom Linux Firewalls with Debian]


Let's not forget though that the BSDs also have good firewall capacity. Even the man pages in the BSDs are good.
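As an added example (not from the original thread, and not NetScreen or netfilter syntax) of why the rule order mentioned above matters: a tiny first-match packet filter with constructed rules and packets. The LAN range, size threshold and rule names are assumptions; the point is that a broad "allow LAN out" placed before narrow drops for fragments and large ICMP silently shadows them.

```python
"""Added example: first-match rule evaluation showing why rule order matters.
Rules, addresses and packets are constructed for illustration; the
first-match semantics are what NetScreen policies and netfilter chains share."""
from dataclasses import dataclass
from typing import Callable, List, Tuple


@dataclass(frozen=True)
class Packet:
    src: str        # source IP address
    proto: str      # "tcp", "udp" or "icmp"
    length: int     # total IP length in bytes
    fragment: bool  # True for a non-initial IP fragment


@dataclass(frozen=True)
class Rule:
    name: str
    match: Callable[[Packet], bool]
    action: str     # "accept" or "drop"


def evaluate(rules: List[Rule], pkt: Packet, default: str = "drop") -> Tuple[str, str]:
    """Return (action, rule name) of the first rule that matches, else the policy default."""
    for rule in rules:
        if rule.match(pkt):
            return rule.action, rule.name
    return default, "policy-default"


def from_lan(p: Packet) -> bool:
    return p.src.startswith("192.168.1.")  # assumed internal range


# Narrow drops a perimeter admin wants evaluated before any broad allow.
drop_fragments = Rule("drop-fragments", lambda p: p.fragment, "drop")
drop_big_icmp = Rule("drop-large-icmp", lambda p: p.proto == "icmp" and p.length > 1024, "drop")
allow_lan = Rule("allow-lan-out", from_lan, "accept")

# The same three rules in two orders.
CAREFUL = [drop_fragments, drop_big_icmp, allow_lan]   # narrow drops first
SLOPPY = [allow_lan, drop_fragments, drop_big_icmp]    # broad allow shadows the drops

# Constructed sample packets from the assumed LAN.
big_ping_from_lan = Packet("192.168.1.20", "icmp", 4000, False)
fragment_from_lan = Packet("192.168.1.21", "udp", 1480, True)
normal_web_from_lan = Packet("192.168.1.22", "tcp", 60, False)

if __name__ == "__main__":
    for label, chain in (("careful", CAREFUL), ("sloppy", SLOPPY)):
        for pkt in (big_ping_from_lan, fragment_from_lan, normal_web_from_lan):
            print(label, pkt.src, pkt.proto, evaluate(chain, pkt))
```

Swapping the order changes only where the broad allow sits, yet the large ICMP and the fragment pass in the sloppy chain and are dropped in the careful one; the same shadowing happens in a real rule base, which is why drops should be reviewed top-down against the allows above them.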