IPTables

Question 1

What is a rule chain ?

Answer 1

It is a list of sequential rules. That list may be built-in or defined by the administrator.

Question 2

What are the default chains in iptable ?

Answer 2

INPUT, OUTPUT, FORWARD

Question 2

What are the default chains in iptable ?

Answer 2

INPUT, OUTPUT, FORWARD

Question 3

Which technology iptables have replaced ?

Answer 3

ipfw

Question 4

Which technology have replaced iptables ?

Answer 4

NFT

Question 5

What is IP MASQUERADING ?

Answer 5

It is a simple and partial implementation of NAT, allowing many Internal hosts to access to internet with a single public IP address.

Question 6

With Netfilter which “subsystem” is the first entry point of a packet.

Answer 6

The first subsystem through which an incoming packet pass is the “routing function”.

Question 7

With Netfilter, to which chain the routing function forward accepted packet ?

Answer 7

If the packet is to be delivered on the local host, it is transferred to the INPUT chain. Otherwise it is transferred to the FORWARD chain:

Question 8

With Netfilter, what comes after the INPUT chain ?

Answer 8

Either a drop, or a local process (logging or destination process), or another user-defined chain

Question 9

With Netfilter, what comes after the FORWARD chain ?

Answer 9

Either a drop or the Interface through which the packet must go through.

Question 10

With Netfilter, what comes before the OUTPUT chain ?

Answer 10

Only the local process

Question 11

With Netfilter, what comes after the OUTPUT chain ?

Answer 11

Either a drop or the Interface through which the packet must go through.

Question 12

What is the main difference between Netfilter (iptables) and IPFW (ipchains) ?

Answer 12

It is the packet traversal through the different network functions and built-in chains. With Netfilter, packet always go through only 1 chain (except for loopback packets which are filtered twice). With IPFW, packet can go through 2 or 3 chains.

Question 13

What are the default packet matching tables in Netfilter §

Answer 13

filter, nat, mangle, raw, security

Question 14

What is the default table in Netfilter ?

Answer 14

filter

Question 15

What are the chains inside the filter table ?

Answer 15

INPUT, OUTPUT, FORWARD and user-defined chains.

Question 16

What is the aim of the NAT table ?

Answer 16

The NAT table is used to provide NAT and related functions

Question 17

What is the aim of the mangle table ?

Answer 17

The mangle table is used when the packet will be altered by the firewall.

Question 18

What is the must classical layout of the iptable command ?

Answer 18

iptables

Question 19

Why the option -A is used for in iptables command ?

Answer 19

It is use to append a rule onto the end of rule set.

Question 20

What is the in an iptables command ?

Answer 20

The matching criteria set the conditions for the rule to be applied

Question 21

What is the target in an iptables command ?

Answer 21

The target sets the action to perform on a matching packet. The target can be something as simple as DROP to silently discard the packet or it can send the matching packet to a user-defined chain or it can perform any other configured action in iptables

Question 22

How are tables implemented in Netfilter ?

Answer 22

As separate table modules.

Question 23

What are 2 types of the filter table feature extensions ?

Answer 23

target extensions and match extensions

Question 24

Example of packet dispositions in target extensions

Answer 24

REJECT, BALANCE, MIRROR, TEE, IDLETIMER, AUDIT, CLASSIFY, CLUSTERIP, CONNMARK, TRACE, LOG, ULOG

Question 25

What are the 2 target extensions of the mangle table ?

Answer 25

MARK supports assiging a value to the packet’s mark field that iptables maintain.

TOS supports setting the value of TOS field in the IP header.

Question 26

What are the target extensions of the nat table ?

Answer 26

They support these forms of NAT:

• SNAT
• DNAT
• MASQUERAD (a specialized form of source NAT for connections that are assigned a temporary, changeable, dynamically assigned IP address)
• REDIRECT (a specialized form of destination NAT that redirects the packet to the local host regardless of the address in the IP headers destination field)