Firewall tips.

One question comes up regularly in Linux certification forums:
Do I need to set up an iptables configuration or not?
In fact, it depends on the exam questions and the risk you want to take.
If there is no mention of ports in the exam and risk doesn’t frighten you, you can flush all the rules and save the now-empty ruleset, which, with the default ACCEPT policies, leaves nothing filtered:
# iptables -F; service iptables save
Otherwise, you have to learn the ports associated with each service.
During your training session, you can test your configuration in your lab with a port scanner: nmap is your friend!
# yum install -y nmap
Then, you can test your local port configuration (TCP & UDP) with the following command (s for scan, T for TCP and U for UDP):
# nmap -sT -sU localhost
This shows which services are listening. Loopback traffic is normally accepted by the default rules, so it does not show what the firewall lets through.
Once you’ve got your iptables configuration set up, you can test it from another VM or your KVM host. It’s simple with TCP ports:
# nmap -sT myvm
Things become trickier with UDP ports. If you don’t want to spend around 18 minutes to get the answer (test it if you think I’m kidding!), you have to specify the ports that you want to test:
# nmap -sU -pU:53,111 myvm
It’s even possible to combine the two tests in one:
# nmap -sT -sU -pT:*,U:53,111 myvm
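
To turn the scans above into a pass/fail check, the following added example (not part of the original post) compares nmap's grepable output (`-oG -`) with the ports you intended to allow. The function names, the sample scan data and the expected-port list are assumptions made for illustration.

```bash
#!/bin/bash
# Added example: check nmap's grepable output (-oG) against the ports you meant to allow.
# Real use (from the other VM or the KVM host):
#   nmap -sT -sU -pT:*,U:53,111 -oG - myvm | audit_ports "22/tcp 53/udp 111/udp"

# Constructed sample of `nmap -oG -` output; address, states and services are made up.
sample_scan() {
    printf 'Host: 192.0.2.10 (myvm)\tStatus: Up\n'
    printf 'Host: 192.0.2.10 (myvm)\tPorts: %s\tIgnored State: filtered (995)\n' \
        '22/open/tcp//ssh///, 80/open/tcp//http///, 53/open/udp//domain///, 111/open|filtered/udp//rpcbind///, 25/closed/tcp//smtp///'
}

# audit_ports "<port/proto> ..." : reads -oG output on stdin and prints
#   UNEXPECTED p/proto  for a port that is open but not in the expected list
#   MISSING p/proto     for an expected port that is neither open nor open|filtered
audit_ports() {
    awk -F'\t' -v expected="$1" '
    BEGIN { n = split(expected, e, " "); for (i = 1; i <= n; i++) want[e[i]] = 1 }
    /^Host:/ {
        for (f = 1; f <= NF; f++) {
            if ($f !~ /^Ports: /) continue
            s = $f; sub(/^Ports: /, "", s)
            m = split(s, entries, ", ")
            for (j = 1; j <= m; j++) {
                split(entries[j], p, "/")          # p[1]=port p[2]=state p[3]=proto
                key = p[1] "/" p[3]
                # Only a definite "open" counts as a finding.
                if (p[2] == "open" && !(key in want)) print "UNEXPECTED " key
                # UDP without a reply shows as open|filtered: nmap cannot tell,
                # so an expected port in that state is not reported as missing.
                if (p[2] == "open" || p[2] == "open|filtered") seen[key] = 1
            }
        }
    }
    END { for (k in want) if (!(k in seen)) print "MISSING " k }
    ' | sort
}

# Expect ssh, DNS, rpcbind and NFS (2049/tcp); the sample has http open and no 2049.
sample_scan | audit_ports "22/tcp 53/udp 111/udp 2049/tcp"
```

An empty result means every expected port answered and nothing else is open from the scanning host's point of view.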

I’m pretty sure these little tips will help you even after the exams!

Posted in RHEL6
