Term
| Which command can be used to configure the kernel firewall in the current release of Red Hat Enterprise Linux? |
|
Definition
|
|
Term
| Which would be the hardest to filter with the kernel firewall? |
|
Definition
|
|
Term
| The 4 types of iptables are: |
|
Definition
|
|
Term
| Which results in command not found? |
|
Definition
|
|
Term
| The default table for iptables is: |
|
Definition
|
|
Term
| Which command might prevent other hosts from using an ftp server running on this host? |
|
Definition
|
|
Term
The command shown below could block access to sshd on the current host until when?
iptables -A INPUT -p tcp --dport 22 -j DROP |
|
Definition
| Until root issues iptables -F |
|
|
Term
The command shown below could block access to sshd on the current host until when?
iptables -P INPUT DROP |
|
Definition
|
|
Term
| Which could immediately reset INPUT policy for the filter table? |
|
Definition
|
|
Term
| Which could remove rules from the FORWARD control point of the filter table? |
|
Definition
service iptables restart
iptables -F FORWARD
iptables -F
reboot |
|
|
Term
| The two extension targets for iptables are: |
|
Definition
|
|
Term
| Can extension targets be used as default policies on chains? |
|
Definition
|
|
Term
| Which jump target would return for further processing? |
|
Definition
|
|
Term
The following command would do what?
iptables -N rejectSSH |
|
Definition
|
|
Term
| Which control point may be irrelevant if cat /proc/sys/net/ipv4/ip_forward results in 0 being written to standard out? |
|
Definition
|
|
Term
The following command would have what result?
iptables -A FORWARD -p tcp --dport 0:1023 -j DROP |
|
Definition
| Prevent access to an ssh server to which this host acts as a gateway. |
|
|
Term
| Which of the following would start a graphical tool for configuring the kernel firewall? |
|
Definition
|
|
Term
| A custom chain may be deleted when... |
|
Definition
The reference count for the chain is zero.
No rules are applied to the chain. |
|
|
Term
Which of the following iptables commands might cause incoming new ssh connections to be logged and REJECTed?
iptables -A INPUT -p tcp --sport 22 -j REJECT
iptables -A INPUT -p tcp --dport 22 -j LOG
Requires either two commands or a custom chain.
init 6 |
|
Definition
| Requires either two commands or a custom chain. |
|
|
Term
|
Definition
| ACCEPT, DROP, RETURN, QUEUE |
|
|
Term
| iptables is built on the ___________ architecture |
|
Definition
|
|
Term
| iptables -s specifies what |
|
Definition
|
|
Term
| iptables -d specifies what |
|
Definition
|
|
Term
| iptables -i specifies what |
|
Definition
|
|
Term
| iptables -o specifies what |
|
Definition
|
|
Term
| iptables -p specifies what |
|
Definition
|
|
Term
| If a protocol is matched by a rule, what additional parameters can be set? |
|
Definition
--dport, --sport, --syn (TCP only), --icmp-type (ICMP only) |
|
|
Term
| iptables -f specifies what |
|
Definition
|
|
Term
| iptables ! specifies what |
|
Definition
|
|
Term
| iptables -L specifies what |
|
Definition
|
|
Term
| iptables -P specifies what |
|
Definition
| sets default target for a chain |
|
|
Term
| iptables -I specifies what |
|
Definition
| inserts a rule into a chain |
|
|
Term
| iptables -A specifies what |
|
Definition
| appends a rule to a chain |
|
|
Term
| iptables -D specifies what |
|
Definition
| deletes individual rule in a chain |
|
|
Term
| iptables -F specifies what |
|
Definition
| deletes all rules in a chain or the whole filter table |
|
|
Term
| iptables -j specifies what |
|
Definition
| specifies a target within a rule |
|
|
Term
| What are some ways to save the filter table? |
|
Definition
iptables-save or service iptables save |
|
|
Term
| The LOG extension target logs to: |
|
Definition
| /var/log/messages by default |
|
|
Term
| iptables -N specifies what |
|
Definition
|
|
Term
| iptables -X specifies what |
|
Definition
|
|
Term
| What switch displays line numbers in a filter table? |
|
Definition
|
|
Term
| Forwarding will not work unless: |
|
Definition
| /proc/sys/net/ipv4/ip_forward is set to 1 |
|
|