Basic iptables

Card Set Information

Author:
Anonymous
ID:
128952
Filename:
Basic iptables
Updated:
2012-01-19 07:38:05
Tags:
iptables
Folders:

Description:
iptables review
Show Answers:

Home > Flashcards > Print Preview

The flashcards below were created by user Anonymous on FreezingBlue Flashcards. What would you like to do?


  1. What are the 3 chains available in iptables?
    INPUT, OUTPUT, and FORWARD
  2. If no rules are matched, what happens?
    The default rule is executed. This can be an ACCEPT (which will allow all packets) or DROP (which will reject all packets). The default rule should be set for all 3 chains (INPUT, OUTPUT, and FORWARD).
  3. How do you list all rules?
    iptables -L
  4. If you are going to clear all rules, what must you do first?
    Set the default input policy to accept all?
  5. How do you set the default input policy to accept all packets?
    iptables -P INPUT ACCEPT. If you are flushing all rules over SSH, you must set this to the default input policy. Otherwise you will be locked out.
  6. How do you flush all rules?
    iptables -F
  7. Explain "iptables -A INPUT -i lo -j ACCEPT"
    Append (-A) an INPUT rule that allows (ACCEPT) all incoming packets on the loopback (lo) interface (-i).
  8. Explain "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    For all incoming packets that are a part of an established or related connection (ie, NOT NEW), accept them
  9. What rule would allow you to work over SSH?
    iptables -A INPUT -p tcp --dport 22 -j ACCEPT
  10. How do you set the default input policy to reject all packets?
    iptables -P INPUT DROP
  11. Explain "iptables -P FORWARD DROP"
    Drop all packets to be forwarded. Only used if computer is being used as a router.
  12. Explain "iptables -P OUTPUT ACCEPT"
    Allow all outgoing packets
  13. How do you save rules after making changes?
    service iptables save
  14. What flag allows filtering for a single IP address?
    -s
  15. What are the 3 IP formats that the -s flag accepts?
    single IP address, CIDR, or netmask.
  16. What flags allow for mac filtering
    -m (module) mac --mac-source MAC_ADDRESS
  17. Before you accept or reject a specific port, what must you do first?
    Define the protocol (tcp, udp, icmp, all) using the -p option
  18. What flag defines a specific destination port?
    -dport
  19. What flag defines a source port?
    -sport
  20. What are the 3 tables in iptables?
    packet mangling, filtering, and NATing tables

What would you like to do?

Home > Flashcards > Print Preview