Linux Firewalls

Question 1

Three ways to stop iptables or firewalld

Answer 1

service stop firewalld
systemctl stopfirewalld
chkconfig firewalld off

REMEMBER TO MASK SERVICE

Question 2

Install iptables

Answer 2

yum install iptableds-services

Question 3

Check iptables rules and then flush them

Answer 3

iptables -L
iptables -F

Question 4

What are the 3 different things used for packet filtering in IPtables?

Answer 4

Tables
Chains
Targets

Question 5

What is a table?

Answer 5

Allows you to process packets in specific ways

types of tables:
filter
mangle
nat
raw

Question 6

What is a chain

Answer 6

Chains are attached to tables and allow you to inspect traffic at various points

Input - incoming
Output - outgoing
Forward - going to a router from one device to another

Question 7

What is a target

Answer 7

Rule for what happens to chain

Accept
Reject - drop and notify
Drop - don’t notify

Question 8

Describe the output of iptables -L

Answer 8

Chain INPUT (policy ACCEPT)
target prot opt source

target - what happens to traffic
prot - protocol (tcp,udp,icmp, or all)
opt - options (rarely used)
source - where’s it coming from

Question 9

Drop all traffic from 192.168.0.25 - IPTABLES

Answer 9

iptables -A INPUT -s 192.168.0.25 -j DROP
-A - append rule to end of selected chain
-s - source
-j - jump (target)
-d - destination

Question 10

Drop all traffic from range of ips - IPTABLES

Answer 10

iptables -A INPUT -s 192.168.0.0/24 -j DROP

Question 11

you have two rules now, delete rule number one - IPTABLES

Answer 11

iptables -D INPUT 1

Question 12

Block all pings - IPTABLES

Answer 12

iptables -A INPUT -p icmp -j DROP

-p - policy

Question 13

Block port 80/tcp - IPTABLES

Answer 13

iptables -A INPUT -p tcp –dport 80 -j DROP

Question 14

Block traffic coming from 192.168.1.12 to NIC ens160 - IPTABLES

Answer 14

iptables -A INPUT -i ens160 -s 192.168.0.25 -j DROP

Question 15

Block user access to facebook -IPTABLES

Answer 15

nslookup facebook.com
iptables -A OUTPUT -d 157.240.10.35 -j DROP

Question 16

Block all incoming traffic except for ssh -IPTABLES

Remember: rules are read in order, if the DROP all goes first, it will stop reading

Answer 16

iptables -A INPUT -p tcp –dport 22 -j ACCEPT
iptables -P INPUT DROP

When you look at the policy at the top, it should say (policy DROP)
Flushing will only flush the rule, not the chain policy.

If you want to clear the input drop, either change it or restart iptables

systemctl restart iptables

Question 17

Save iptables

where is save located?

Answer 17

iptables -save > /etc/sysconfig/iptables

Question 18

If you want to put rule at beginning instead of at the end (appending), what option would you use? - IPTABLES

Answer 18

iptabes -I INPUT -s 192.168.1.12 -j DROP

Question 19

What are the four options for firewalld

Answer 19

Tables
Chains
Rules
Targets

Question 20

What is a rule?

Answer 20

associated to chains
ex:
if incoming traffic matches this rule then do the TARGET

Question 21

What should you do if you’re using firewalld?

Answer 21

systemctl stop/mask iptables

Question 22

Show current zone - FIREWALLD

Answer 22

firewall-cmd –get-active-zones

Question 23

Reject incoming traffic from 192.168.1.114 - FIREWALLD

Answer 23

firewall-cmd –add-rich-rule=’rule family=”ipv4” source address=”192.168.1.114” reject’

Question 24

Block ICMP traffic then turn it back on - FIREWALLD

Answer 24

firewall-cmd –add-icmp-block-inversion
firewall-cmd –remove-icmp-block-inversion

Question 25

Block outgoing traffic to facebook - FIREWALLD

Answer 25

firewall-cmd–direct –add-rule ipv4 filter OUTPUT 0 -d 31.31.31.13 -j DROP

Question 26

Remove telnet, if you have it disable it before hand

Answer 26

rpm -qa | grep telnet
rpm -e telnet-server.xxx
systemctl mask telnet.socket

-e means erase

Question 27

How do firewall zones work

Answer 27

If you add a source ip to a zone it will use that zone.

Default action is, that if there are no rules for a specific thing it sends it up to the next default zone (if you’re using a source in a different zone, and then goes off that.

The steps rules take is
rich-rule
source -zone
default-zone

Question 28

Make it to where anyone but your other linux machine can access your http page

Answer 28

Put interface in public zone and make the source for the other linux machine in a drop zone

Question 29

List all services enabled
List all rules
list all rules for just the public zone
Show all services available
List all zones
List open ports
display default zone

Answer 29

firewall-cmd –list-all –zone=public
firewall-cmd –list-all
firewall-cmd –list-services
firewall-cmd –get-services
firewall-cmd –get-zones
firewall-cmd –list-ports
firewall-cmd –get-default-zone

Question 30

Disable all network traffic
See if panic mode is on

Answer 30

firewall-cmd –panic-on
firewall-cmd –panic-off
firewall-cmd –query-panic

Question 31

Make ALL changes permanent

Answer 31

firewall-cmd –runtime-to-permanent

Question 32

Change default zone to public

Answer 32

firewall-cmd –set-default-zone public

–permanent if you are using:
firewall-cmd –runtime-to-permanent

Question 33

Assign interface to zone via firewall-cmd and nmcli

Answer 33

firewall-cmd –zone=public –change-interface=ens36

nmcli connection modify ens36 connection.zone public

Question 34

Check if firewalld configuration works

Answer 34

firewall-cmd –check-config

Question 35

How would you assign a zone to an interface via the ifcfg file?

Answer 35

ZONE=public

Question 36

Create a new zone

Answer 36

firewall-cmd –permanent –new-zone=farter

firewall-cmd –permanent –delete-zone=farter

Question 37

Where are the zone coding files located?

Answer 37

/usr/lib/firewalld/zones

Question 38

Create a zone and set it’s target as accept

Answer 38

firewall-cmd –permanent –new-zone=farter –set-target=ACCEPT

Question 39

Set a source port for drop to be 22

Answer 39

firewall-cmd –permanent –zone=drop –add-source-port=22/tcp

Question 40

Where do you go to modify direct rules?

Answer 40

/etc/firewalld/direct.xml