Firewall tips.

Share this link

Some questions come regularly in Linux certifications forums:
Do I need to set up iptables configuration or not ?
In fact, it depends on the questions and the risk you want to take.
If there is no mention of ports in the exam and risk doesn’t frighten you, you can go for: # iptables -F; service iptables save
Otherwise, you have to learn the ports associated with each service.
During your training session, you can test your configuration in your lab with a port scanner: nmap is your friend!
# yum install -y nmap
Then, you can test your local port configuration (tcp & udp) with the following command (s for scan, T for tcp and U for udp): # nmap -sT -sU localhost
Once you’ve got your iptables configuration set up, you can test it from another VM or your KVM host. It’s simple with tcp ports: # nmap -sT myvm
Things become trickier with udp ports. If you don’t want to spend around 18 minutes to get the answer (test it if you think I’m kidding!), you have to specify the ports that you want to test: # nmap -sU -pU:53,111 myvm
It’s even possible to combine the two tests in one: # nmap -sT -sU -pT:*,U:53,111 myvm

I’m pretty sure these little tips will help you even after the exams!

Posted in RHEL6

Leave a Reply

Be the First to Comment!

Notify of
wpDiscuz

RHCSA7: Task of the day

Allowed time: 5 minutes.
Create two users "tom" and "engine". "tom" has the UID/GID 3000 and "engine" the UID/GID 4000. "engine" doesn't have an interactive shell.

RHCE7: Task of the day

Allowed time: 15 minutes.
Configure a Samba server called MYSERVER, belonging to the MYGROUP group, sharing the /shared directory with the name "shared".

Poll for favorite RHEL 7 book

What is your favorite RHEL 7 book to prepare RHCSA & RHCE exams?

View Results

Loading ... Loading ...

Poll for most difficult RHCSA 7 topic

What do you think is the most difficult RHCSA 7 topic?

View Results

Loading ... Loading ...

Poll for most difficult RHCE 7 topic

What do you think is the most difficult RHCE 7 topic?

View Results

Loading ... Loading ...