Which services are allowed through the firewall for the INPUT chain?
Added by Tim L.
Step 1
This will determine whether traffic is allowed or denied by default.
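An added example, not part of the original answer: a small Python parser for the listing printed by `iptables -S INPUT` that reports the default policy, lists the ACCEPT rules that name a port, and walks the chain top to bottom so the default policy applies only when no rule matches. The sample listing, the addresses and all function names are constructed for illustration, and negated matches (`!`) are not handled.

```python
import ipaddress
import shlex

# Constructed sample in the format printed by `iptables -S INPUT`.
SAMPLE = """\
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 10.10.10.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j DROP
"""

def parse(text):
    """Return (default_policy, rules); each rule maps option -> its one argument."""
    policy, rules = None, []
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok[:2] == ["-P", "INPUT"]:
            policy = tok[2]
        elif tok[:2] == ["-A", "INPUT"]:
            rules.append(dict(zip(tok[2::2], tok[3::2])))
    return policy, rules

def matches(rule, pkt):
    """True if every criterion in the rule matches the packet dict."""
    checks = {
        "-i": lambda v: pkt.get("iface") == v,
        "-p": lambda v: pkt.get("proto") == v,
        "-s": lambda v: ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(v),
        "--dport": lambda v: str(pkt.get("dport")) == v,
        "--icmp-type": lambda v: str(pkt.get("icmp_type")) == v,
        "--ctstate": lambda v: pkt.get("state", "NEW") in v.split(","),
    }
    return all(checks[k](v) for k, v in rule.items() if k in checks)

def verdict(text, pkt):
    """Walk the chain in order; the first matching rule decides, else the policy."""
    policy, rules = parse(text)
    for rule in rules:
        if matches(rule, pkt):
            return rule["-j"]
    return policy

def allowed_services(text):
    """List (proto, dport, source) for every ACCEPT rule that names a port."""
    _, rules = parse(text)
    return [(r["-p"], r["--dport"], r.get("-s", "anywhere"))
            for r in rules if r.get("-j") == "ACCEPT" and "--dport" in r]
```

`allowed_services()` lists ACCEPT rules as written; use `verdict()` to confirm a given packet is not caught by an earlier rule first.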
Recommended Videos
(50 pts) Firewalls - iptables is a simple Linux-based firewall utility -- https://www.howtogeek.com/177621/the-beginners-guide-to-iptables-the-linux-firewall/. http://ipset.netfilter.org/iptables.man.html is a good place to find the options for iptables. Iptables is like most other Linux CLI utility programs in that the specific instruction executed is defined by the arguments applied to command line options. Using the iptables CLI, a user with administrator-level privileges can establish firewall rules to accept (ACCEPT) or reject (DROP) inbound (INPUT) and outbound (OUTPUT) traffic based on:
- protocol (using the '-p' option), e.g., -p tcp
- IP address (using the "-s" option), e.g., -s 10.2.0.2
- port number (using the --dport option), e.g., --dport http
- interface (using the -i option), e.g., -i eth0
and other criteria.

For instance, the command:
iptables -A INPUT -s 10.10.10.X -j DROP
specifies that the firewall is to reject all inbound traffic from 10.10.10.X. The -A option specifies the direction of the traffic that applies to the rule (INPUT or OUTPUT), while the -j option specifies the action, whether to ACCEPT or DROP.

The iptables program also allows you to specify a default policy and view the current list of active firewall rules. For instance,
iptables --policy INPUT DROP
establishes a default reject policy for inbound traffic. More specific rules take precedence, but if no matching rule is found, then the default policy applies.

Log in to your system (the same one from the first exercise) with the credentials provided and use the command line interface (CLI) for iptables to do the following:
a. List the iptables firewall rules as they currently exist. What command did you issue to do this? What effect do the rules have? Save and submit the output.
b. Add a rule to block echo requests (pings). What command did you issue to do this? Save and submit the output (an updated list of the firewalls).
Akash M.
Create a firewall rule set on your Ubuntu server, and each rule should be commented. Make sure to use variables for the IP addresses in your firewall. For any packets you REJECT or DENY, those should be logged. That means you'll need to modify the rule so that if the rule matches a DENY or REJECT a packet, that alert is written out to a log file. The firewall should implement the following policies. The policies below are not in the order in which they should be applied; put these rules in a reasonable order.
1) Allow all loopback connections.
2) Deny any connections from any IPs other than those on your network.
3) The firewall should be STATEFUL.
4) Allow echo-requests ONLY from computers on your network.
5) Allow echo-replies ONLY to computers on your network.
6) Allow FTP for the Ubuntu box ONLY (DENY Mint).
7) DENY all telnet connections from either Mint or Ubuntu.
8) Allow SSH to the server for Mint box ONLY (DENY Ubuntu box).
9) Allow web access (Apache) for the Mint box ONLY (DENY Ubuntu box).
10) Default incoming policy should be DENY.
11) Default outgoing policy should be ALLOW.
12) Default forward policy should be DENY.
13) The firewall should flush previously run rules.
Note that for deny rules, you will have to decide to use either REJECT or DROP, and I want a comment justifying why you chose to use REJECT or DROP.
Supreeta N.