Past Exam Question...

General chat concerning linux or linuxzoo.

Moderator: drgrussell

Post Reply
Posts: 1
Joined: Sun Oct 04, 2009 4:22 pm
Are you a robot or a human?: Human

Past Exam Question...

Post by EwanD » Wed Oct 07, 2009 10:43 pm


I'm a tad confused at 1 of the past exam questions: Page 147 of the notes, on firewalls.

The question reads:

"Consider the following iptable configuration:

iptables -P INPUT drop
iptables -A INPUT -m state --state RELATED,ESTABLISH
iptables -A INPUT -p tcp --sport ssh -j ACCEPT

Would incoming ssh connection requests be blocked? Give an explanation of your answer."

Firstly, is the fault in the word ESTABLISH (meant to say ESTABLISHED) meant and the lack of -j accept/drop?

Secondly, is this configuration in perspective of the client or server side?

I came up with the answer that no, no incoming ssh connections would be blocked (assuming it was on the client side - this configuration) because the default is drop, the 2nd line would be ignored as it isn't structured ... like ... correctly? and finally the 3rd line states that any connections coming from the ssh port from the server are accepted.


Site Admin
Posts: 426
Joined: Sat Feb 12, 2005 8:57 pm
Are you a robot or a human?: Human

Re: Past Exam Question...

Post by drgrussell » Thu Oct 08, 2009 7:34 pm

I dont remember any question missing the end of established, or missing the -j ACCEPT.
Could this be a problem with what you used to look at the question?
Or perhaps with the version of the exam you are looking at. Dont worry, I do checks on the papers and I would have spotted that one easily!

Anyway, in this exam question the problem is that --sport should have been --dport, and as a result ssh would be blocked.
Incomming ssh requests would involve a ssh port this server, not a remote server.


Post Reply

Who is online

Users browsing this forum: No registered users and 1 guest