Networking and Firewalls

Question 1: Network broadcast

What is the broadcast address for your network connection?

Enter an IP:

Question 2: ip route

Using the ip command, what is the scope type of the first line of the main route table?

Enter a scope type:

Question 3: Firewall: Empty the Chains

In this tutorial we are going to work on the firewall configuration of your machine. Some care must be taken when doing this, or you will suddenly find you can no longer log in!

In all these cases the easiest way to do the experiment is to create an executable program in /root called "firewall". You should make the contents of this something like:

#!/bin/bash
#
# Flush every rule from the three built-in filter chains
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
# Set the default policy of each chain to ACCEPT
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT

Execute this file, and then, for the first time only, type:

iptables -F RH-Firewall-1-INPUT
iptables -X RH-Firewall-1-INPUT

This will remove a chain which Red Hat creates, but which we will not use.

At this point "iptables -L" should show that you have no rules.

Question 4: Block port 80

Visit the firewall test page, which can be found as a link off the VM Management page, and run a test on ports 22, 23, 25, and 80. All will either be "open" (service there and no firewall) or "closed" (no service there and no firewall).

Add to the end of your /root/firewall script a rule which, when an HTTP packet (tcp) comes in from eth0, jumps to DROP. Execute the script to activate this change.

Validate this with the firewall test (which should now say "filtered").

Question 5: Block From 20.0.0.0/24

Keep the port 80 rule you created in the last question, and add to the end of your /root/firewall script a new rule which, when a tcp packet with a source address in 20.0.0.0/24 comes in from eth0, jumps to DROP. Execute the script to activate this change.

Question 6: FORWARD drop

Make the default policy of the FORWARD chain DROP. Leave the other chains as ACCEPT.

Question 7: PING limit

Accept PING at a limit of 1 per second from any interface. This is tricky, as your default for the INPUT chain is ACCEPT. Attempt this question in two stages... first accept the PING if the rate is acceptable, and then have a check which jumps to DROP if it is a PING. The drop will always be done if reached and the packet is a PING, but it will not be reached if the first rule accepts it.

Double check that this is working using the ping option of the firewall tests. You should see "limited,1/second" if you have done this correctly.

Question 8: PING logging

Clean out your chain and put in the ping rule as in the previous question. If you receive pings faster than 1 per second, log the pings. Things that get logged will appear at the end of /var/log/messages.

Question 9: PING log

Using the firewall tests, run a ping test and then look at the log information created in /var/log/messages. With this information, what is the IP address of the source of all these ping requests?

Enter the ping ip source:
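
One way to read the source out of the log instead of scanning it by eye (an added example, not part of the original tutorial): the function below tallies the SRC= field of logged ICMP echo requests. The "PING: " log prefix, the function names and the sample log lines are assumptions constructed for illustration.

```bash
#!/bin/bash
# Added example, not part of the original tutorial.
# Assumption: the LOG rule was created with --log-prefix "PING: ".

# ping_sources [FILE] [PREFIX]
# Prints "count source-ip", busiest source first. FILE defaults to stdin.
ping_sources() {
    awk -v prefix="${2:-PING: }" '
        # Keep only lines with the prefix that are ICMP echo requests (type 8).
        index($0, prefix) && /PROTO=ICMP/ && /TYPE=8 / {
            # netfilter LOG output is a run of KEY=VALUE fields; pull out SRC.
            for (i = 1; i <= NF; i++)
                if ($i ~ /^SRC=/) { count[substr($i, 5)]++; break }
        }
        END { for (ip in count) print count[ip], ip }
    ' "${1:--}" | sort -k1,1nr -k2,2
}

# Constructed sample lines in the kernel LOG format (documentation addresses).
sample_log() {
    cat <<'EOF'
Mar  3 10:15:01 vm kernel: PING: IN=eth0 OUT= MAC=52:54:00:aa:bb:cc:52:54:00:dd:ee:ff:08:00 SRC=192.0.2.10 DST=198.51.100.7 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=4321 SEQ=6
Mar  3 10:15:01 vm kernel: PING: IN=eth0 OUT= MAC=52:54:00:aa:bb:cc:52:54:00:dd:ee:ff:08:00 SRC=192.0.2.10 DST=198.51.100.7 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=4321 SEQ=7
Mar  3 10:15:02 vm sshd[2211]: Accepted password for root from 192.0.2.99 port 50122 ssh2
Mar  3 10:15:02 vm kernel: PING: IN=eth0 OUT= MAC=52:54:00:aa:bb:cc:52:54:00:dd:ee:ff:08:00 SRC=192.0.2.10 DST=198.51.100.7 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=4321 SEQ=8
Mar  3 10:15:03 vm kernel: PING: IN=eth0 OUT= MAC=52:54:00:aa:bb:cc:52:54:00:dd:ee:ff:08:00 SRC=203.0.113.5 DST=198.51.100.7 LEN=84 TOS=0x00 PREC=0x00 TTL=60 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=77 SEQ=1
Mar  3 10:15:04 vm kernel: HTTP: IN=eth0 OUT= MAC=52:54:00:aa:bb:cc:52:54:00:dd:ee:ff:08:00 SRC=203.0.113.5 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=60 ID=1 DF PROTO=TCP SPT=40000 DPT=80 SYN
EOF
}

# Demo on the constructed sample.
sample_log | ping_sources
```

On the lab machine, run it as ping_sources /var/log/messages, passing the prefix you gave your own LOG rule as the second argument if it differs.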
