Sec. 36 Firewalls Flashcards
Firewalls are used to _______ ______ ________ and _________ access to your systems and local ________.
Firewalls are used to control both incoming and outgoing access to your systems and local network.
Packets are made up of what items?
Header, footer, payload.
What information do the header and footer contain?
- destination and source addresses - the type of packet it is - which protocol it obeys - other metadata
Almost all firewalls are based on _______ ________.
Packet filtering.
Packet filtering intercepts packets at one or more stages in the network transmission, including ___________, ___________, _____________, and ___________.
application, transport, network, and data link.
Firewalls establish rules by which each packet may be:
- accepted or rejected based on content or addresses - mangled in some way - redirected to another address - inspected for security reasons
What are the two main utilities of the firewalld package?
1. firewall-cmd 2. firewall-config
Where are the configuration files for firewalld located? Which one should the system admin use?
1. /etc/firewalld and /usr/lib/firewalld 2. /etc/firewalld. Why? Because rules in /etc/firewalld override the rules in /usr/lib/firewalld.
firewalld is the _________ __________ ________.
Dynamic firewall manager.
firewalld utilizes ________/______ zones.
network/firewall zones.
firewalld also separates _______ and _________ changes to configuration files.
runtime, permanent (persistent)
What is the command line tool for firewalld?
firewall-cmd
If I would like help with the firewall-cmd command, what could I type in the command line?
$ firewall-cmd --help
It is an error to run both _______ and _________ at the same time.
firewalld and iptables
Using the command line, how would I enable and start the firewalld service?
To enable: $ sudo systemctl enable firewalld (or disable to undo). To start: $ sudo systemctl start firewalld (or stop to undo).
Using the command line, what are two ways that I could see the status of firewalld?
1. $ sudo systemctl status firewalld 2. $ sudo firewall-cmd --state
firewalld works with ______.
zones
What does the zone Drop do w.r.t. firewalld?
Zone: Drop – all incoming packets are dropped with no reply. Only outgoing connections are permitted.
What does the zone Block do w.r.t. firewalld?
Zone: Block – all incoming connections are rejected. The only permitted connections are those from within the system.
Define the zone Public w.r.t. firewalls.
Zone: Public – do not trust any computers on the network; only certain consciously selected incoming connections are permitted.
Define the zone External w.r.t. firewalls.
Zone: External – used when masquerading is being used, such as in routers. Trust levels are the same as Public.
Define the zone DMZ w.r.t. firewalls.
Zone: DMZ (Demilitarized Zone) – used when access to some (but not all) services is allowed to the public. Only particular incoming connections are allowed.
What is the zone Work w.r.t. firewalls?
Zone: Work – trust (but not completely) connected nodes not to be harmful. Only certain incoming connections are allowed.
Define the zone Home w.r.t. firewalls.
Zone: Home – you mostly trust the other network nodes, but still select which incoming connections are allowed.
Define the zone Trusted w.r.t. firewalls.
Zone: Trusted – all network nodes are allowed.
Information: On system installation, most, if not all, Linux distributions will select the Public zone as the default for all interfaces.
Information: The differences between some of the zones we mentioned are not obvious, and we do not need to go into that much detail here. But note that one should not use a more open zone than is necessary.
What does the command $ sudo firewall-cmd --get-default-zone return?
The default zone.
To obtain a list of zones that are in use, I can run the following command: $ sudo firewall-cmd --get-active-zones
If I would like to list all available zones, I can run the command: $ sudo firewall-cmd --get-zones
If I would like to obtain the list of the zones being used w.r.t. firewalls, what command could I use?
Command: >>> $ sudo firewall-cmd --get-active-zones
What command could I run if I want to list all available zones?
Command: >>> $ sudo firewall-cmd --get-zones
Information: If I would like to find out which zone is associated with a particular interface, I could run the command >>> $ sudo firewall-cmd --get-zone-of-interface=eno1 which returns >>> public. Here eno1 is the interface in question, and the zone of eno1 is public.
Information: If I would like to change the zone of a particular interface permanently, I would run the following command: >>> $ sudo firewall-cmd --permanent --zone=internal --change-interface=eno1 which returns >>> success. Here the interface in question is eno1, and the zone it was changed to is internal.
How would I find out what zone was associated with the interface eno1?
Command: >>> $ sudo firewall-cmd --get-zone-of-interface=eno1
Information: Controlling firewalld is done through the firewall-cmd program. More detailed information can be obtained with: >>> $ man firewall-cmd
Education: Any zone can be bound not just to a network interface, but also to particular network addresses. A packet is associated with a zone if: – it comes from a source address already bound to the zone; or, if not, – it comes from an interface bound to the zone. Any packet not fitting the above criteria is assigned to the default zone (i.e. usually Public).
A packet is associated with a zone if ...? Any packet not fitting the answer to the above question is assigned to what zone?
1. a. It comes from a source address already bound to the zone; or, if not, b. it comes from an interface bound to the zone. 2. The default zone (usually Public).
Education: To assign a source to a zone (permanently): >>> $ sudo firewall-cmd --permanent --zone=trusted --add-source=192.168.1.0/24 # this says anyone with an IP address of the form 192.168.1.x will be added to the trusted zone.
Education: I can list the sources bound to a zone with: >>> $ sudo firewall-cmd --permanent --zone=trusted --list-sources # if I were to leave out the --permanent option, the change would only last as long as the runtime of the computer.
How would I assign a source to a zone (permanently)?
>>> $ sudo firewall-cmd --permanent --zone=trusted --add-source=198.168.1.0/24
If I would like to see all the available services known to firewalld, what command can I use?
>>> $ sudo firewall-cmd --get-services # this command will show me all services available.
What command could I use to see the services currently accessible in a particular zone?
>>> $ sudo firewall-cmd --list-services --zone=public # will return the services accessible in the public zone.
If I would like to add a service to a zone, what command could I use?
- $ sudo firewall-cmd --permanent --zone=home --add-service=dhcp
- $ sudo firewall-cmd --reload # the second command makes the change from the first command effective.
If I would like to add a new service to firewalld, what configuration directory would I update?
/etc/firewalld/services
If I would like to add a port to the zone home, how would I use the firewall-cmd program?
>>> $ sudo firewall-cmd --zone=home --add-port=21/tcp
If I would like to ascertain what a certain port corresponds to, what file could I look up?
/etc/services
How would I use the firewall-cmd program to list what ports are associated with the zone home?
>>> $ sudo firewall-cmd --zone=home --list-ports
How would I show my current IP address?
>>> $ ip addr show [put device name here] or >>> $ ifconfig [put device name here]
How would I look up the default route?
>>> $ ip route or >>> $ route -n
What command would I use to copy a file?
Command: cp
What is firewall-cmd?
firewall-cmd is the command line client of the firewalld daemon.
firewall-cmd acts as an _________ to manage runtime and permanent configuration.
interface
Can firewall-cmd make permanent changes?
Yes.
firewall-cmd --state; what does this do?
Checks whether the firewall daemon is active.
- returns 0 if it is active
What is the purpose of the following command: firewall-cmd --reload
Reloads firewall rules and keeps state information; the permanent configuration becomes the runtime configuration.
What is the purpose of the following command: firewall-cmd --runtime-to-permanent
Saves the runtime configuration and makes it permanent.
What is the purpose of the following command: firewall-cmd --check-config
Runs checks on the permanent configuration.
What is the purpose of the following command: firewall-cmd --get-log-denied
Prints the log denied setting.
What is the purpose of the following option: firewall-cmd --permanent
Can be used to set options permanently.
* changes will be effective after restart/reload
What is the purpose of the following command: firewall-cmd --get-default-zone
Prints the default zone for connections and interfaces.
What is the purpose of the following command: firewall-cmd --set-default-zone=zone
Sets the default zone for connections and interfaces where no zone is selected.