Firewalld and Iptables Flashcards

1
Q

ip-table chains

A

Assume the PC has two interfaces: eth0 and eth1
INPUT chain: traffic coming from outside to eth0
OUTPUT chain: traffic going from eth0 to outside
FORWARD chain: traffic passing from eth0 to eth1 and vice versa

2
Q

Add an entry into iptables to allow outgoing SSH traffic

A
iptables -I/-A CHAIN [-i/-o ifname] [-s/-d ip-address] -p udp/tcp --dport/--sport nn -j LOG/ACCEPT/DROP/REJECT
-A: append a rule (-I: insert a rule)
-i/-o: input/output network card (eth0 or eth1)
-s: source address
-d: destination address
--dport: destination port
--sport: source port
nn: port number

iptables -A OUTPUT -p tcp --dport 22 -j ACCEPT

3
Q

List iptables entries

A

iptables -L

4
Q

Set a default policy in iptables

A

iptables -P INPUT DROP
iptables -P OUTPUT DROP
-P: set the default policy of a chain (here INPUT and OUTPUT)

5
Q

Add an entry into iptables to allow incoming traffic belonging to an SSH connection already established with a remote server

A

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-m: load a match extension (here the state module)

6
Q

Firewalld

A

Zone: a collection of network cards to which rules can be assigned

Interfaces: individual network cards, always assigned to zones

Services: XML-based configuration that specifies the ports to be opened and the modules that should be used

Forward ports: used to send traffic coming in on a specific port to another port, which may be on another machine

Masquerading: provides NAT

Rich rules: extension to firewalld that makes more complex configurations possible

7
Q

Firewalld:
Show current configuration
Show services of current zone (subset of the --list-all output)
Get available services

A

firewall-cmd --list-all
firewall-cmd --list-services
firewall-cmd --get-services

8
Q

Add a service to the run-time rules

Remove a service permanently

A

firewall-cmd --add-service=service
firewall-cmd --remove-service=service
firewall-cmd --add-service=https --permanent

9
Q

Install the GUI for firewalld

A

yum install firewall-config

10
Q

Reload firewalld to pick up permanent rules

A

firewall-cmd --reload

11
Q

Get zones
Get default zone
Get settings for the home zone

A

firewall-cmd --get-zones
firewall-cmd --get-default-zone
firewall-cmd --zone=home --list-all

12
Q

Get help for firewall-cmd

A

firewall-cmd --help

13
Q

Add the IP range 192.168.0.0/24 to zone home

A

firewall-cmd --zone=home --add-source=192.168.0.0/24

firewall-cmd --zone=home --add-source=192.168.0.0/24 --permanent

14
Q

Run-time rules vs permanent rules

A
1. Rules added at the run-time level apply immediately but do not survive a reboot
2. Rules added at the permanent level require a reload (firewall-cmd --reload) to apply, but they survive a reboot
15
Q

Enable firewall rules to allow access to an Apache web server

A

firewall-cmd --zone=public --add-port=80/tcp

firewall-cmd --zone=public --add-port=80/tcp --permanent

16
Q

Ensure that the iptables service is not running when setting up firewalld rules

A

systemctl mask iptables

systemctl mask ip6tables