Card Set Information

2012-02-06 22:07:13

  1. What are the 3 chains available in iptables?
    INPUT, OUTPUT, and FORWARD.
  2. If no rules are matched, what happens?
    The default rule is executed. This can be an ACCEPT (which will allow all packets) or DROP (which will reject all packets). The default rule should be set for all 3 chains (INPUT, OUTPUT, and FORWARD).
  3. How do you list all rules?
    iptables -L
  4. If you are going to clear all rules, what must you do first?
    Set the default input policy to accept all packets.
  5. How do you set the default input policy to accept all packets?
    iptables -P INPUT ACCEPT. If you are flushing all rules over an SSH session, you must set this as the default input policy first. Otherwise you will be locked out.
  6. How do you flush all rules?
    iptables -F
  7. Explain "iptables -A INPUT -i lo -j ACCEPT"
    Append (-A) an INPUT rule that allows (ACCEPT) all incoming packets on the loopback (lo) interface (-i).
  8. Explain "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    Accept all incoming packets that are part of an established or related connection (i.e., not NEW).
  9. What rule would allow you to work over SSH?
    iptables -A INPUT -p tcp --dport 22 -j ACCEPT
  10. How do you set the default input policy to reject all packets?
    iptables -P INPUT DROP
  11. Explain "iptables -P FORWARD DROP"
    Drop all packets that would be forwarded. Only relevant if the computer is being used as a router.
  12. Explain "iptables -P OUTPUT ACCEPT"
    Allow all outgoing packets.
  13. How do you save rules after making changes?
    service iptables save
  14. What flag allows filtering for a single IP address?
    -s (source address)
  15. What are the 3 IP formats that the -s flag accepts?
    single IP address, CIDR, or netmask.
  16. What flags allow for MAC filtering?
    -m (module) mac --mac-source MAC_ADDRESS
  17. Before you accept or reject a specific port, what must you do first?
    Define the protocol (tcp, udp, icmp, all) using the -p option
  18. What flag defines a specific destination port?
    --dport
  19. What flag defines a source port?
  20. What are the 3 tables in iptables?
    The packet mangling, filtering, and NAT tables.
  21. Where is the iptables config file located?
  22. How do you restart iptables in order to pick up changes to the configuration?
    service iptables restart
  23. How do you save dynamically added rules?
    service iptables save