Nishita Agarwal Shares Her Interview Experience on Linux ‘iptables’ Firewall


28 Responses

  1. mitesh says:

    At which layer of OSI model, iptables and squid proxy server works (layer 3 or 7 or both) ?

    • Avishek Kumar says:

      @ mitesh
      thanks for your question and answer.
      This post however is explicitly based upon what Nishita was asked.
      I would appreciate it if you could share your experience with us so that our readers can get a little more knowledge.

  2. Nelson says:

    Hello, about the question and answer number 5

    The answer is wrong:
    Originally: Thanks for the recognition. Moving to question part, There are four tables used in iptables, Namely They are:

    Nat Table
    mangle Table
    Filter Table
    raw Table

    The correct answer is (5 tables)

    Currently there are five independent tables (which tables are present at any time depends on the kernel configuration options and which modules are present).

    Filter
    Nat
    mangle
    raw
    Security

    Source:

    http://ipset.netfilter.org/iptables.man.html

    Note: I hope that my comment is published; earlier I commented on a DNS correction in this article:
    https://www.tecmint.com/install-cpanel-whm-in-rhel-centos/
    and you do not publish my comment, why ?

  3. Anders Jackson says:

    1. What about ip6tables(8) and all the other filters?

    2. “Have you used some kind of GUI based front end tool for iptables or the Linux Command Line?” Never use iptables(8) and ip6tables(8) directly, use a firewall. But know how iptables does work, so one can debug the filter created. Most (all?) hacking iptables directly have some errors in them, that would not have been introduced by

    3. “What are the basic differences between iptables and firewalld?” Very RedHat-centric. Might be ok if the site is RedHat-centric. Prefer Shorewall and the like, as the config files are readable. ;-)

    4. “Would you replace iptables with firewalld on all your servers, if given a chance?” Never make infrastructure changes without it being well documented and anchored in the company. Even if it is “better”.

    5. “You seems confident with iptables and the plus point is even we are using iptables on our server.” Very IPv4 centric. Where is the important stuff about IPv6? Wouldn’t want to be hired by a company that ignores such important stuff.

    6. “What are the target values (that can be specified in target) in iptables and what they do, be brief!” Only DROP? What about the more Internet friendly REJECT?

    8. “How to Check and ensure if iptables service is running?” There is no service, it is a configuration set at the same time as when services are started…

    9. “How will you review the current Rules defined in iptables?” Will not show the NAT and MANGLES rules.

    11. “Add a rule in iptables to accept packets from a trusted IP Address (say 192.168.0.7)” Standard slash? It is called CIDR and should not be used on hosts, only networks.

    12. “How to add rules to ACCEPT, REJECT, DENY and DROP ssh service in iptables.” Update the article, as you have added them. But your answer is not correct. It should only use 22 or ssh, not use multiport.

    13. The list from iptables -L is wrong. “DROP tcp — 192.168.0.6 anywhere multiport dports ssh,telnet,http,webcache” as webcache is not added by the command, it is FTP. Try this:
    getent services 21 22 23 80
    ftp 21/tcp
    ssh 22/tcp
    telnet 23/tcp
    http 80/tcp www

    Anyway.
    Where are the questions about IPv6? Where are the questions about encryption, signing and certificates? Where are the questions about DNSSEC? Routing, anyone?

  4. sudeep says:

    Please drop more interview questions with answers related to Linux System Administrator job profile

  5. Prasanna says:

    Is answer to Question 12 complete?

    • Avishek Kumar says:

      There is a little correction in question number 12
      Replace
      # iptables -A INPUT -s 192.168.0.6 -p tcp -m multiport --dport 22,23,80,8080 -j DROP
      with
      # iptables -A INPUT -s 192.168.0.6 -p tcp -m multiport --dport 21,22,23,80 -j DROP

      Rest is ok.

      • Prasanna says:

        I agree Question 13 has some corrections. I think answer to question 12 has some problems in syntax.

        # iptables -A INPUT -s 192.168.0.6 -p tcp --dport 22 -j ACCEPT
        # iptables -A INPUT -s 192.168.0.6 -p tcp --dport 22 -j REJECT
        # iptables -A INPUT -s 192.168.0.6 -p tcp --dport 22 -j DROP

        Shouldn’t be rules like above? Am I missing anything here? Please check.

  6. Arfat says:

    Thanks Nishita for sharing such valuable information. Questions with answers in detailed explanation.

  7. Bóson says:

    Fantastic interview! I didn't know firewalld, and I'm gonna study it. Thank you!

  8. In question #13, you need to change
    iptables -A INPUT -s 192.168.0.6 -p tcp -m multiport --dport 22,23,80,8080 -j DROP
    to
    iptables -A INPUT -s 192.168.0.6 -p tcp -m multiport --dport 21,22,23,80 -j DROP
    The original rule will not block connections to port 21, and is blocking connections to port 8080, which was not part of the requirement.
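The corrections in comments 5 and 8 both come down to the same question: does the rule set actually block exactly the ports the requirement names (21, 22, 23, 80) for 192.168.0.6, and nothing else? The following checker is an added example, not code from the article or from any commenter. It assumes the rules are given in the `iptables -S INPUT` output format, models only the `-s`, `-p`, `--dport(s)` and `-j` options, and uses constructed sample rule sets rather than output captured from a real host.

```python
"""Check which TCP destination ports an iptables INPUT chain blocks for one source.

Added example (not the article's or commenters' code). It assumes rules are
given in `iptables -S INPUT` form and evaluates them the way the kernel does:
the first matching rule wins, otherwise the chain policy applies.
"""
import shlex

# Constructed sample rule sets (not captured from any real host).
# ORIGINAL_RULES mirrors the disputed rule, CORRECTED_RULES the fix from the
# comments, and SHADOWED_RULES shows an earlier ACCEPT masking part of the DROP.
ORIGINAL_RULES = """
-P INPUT ACCEPT
-A INPUT -s 192.168.0.6/32 -p tcp -m multiport --dports 22,23,80,8080 -j DROP
"""
CORRECTED_RULES = """
-P INPUT ACCEPT
-A INPUT -s 192.168.0.6/32 -p tcp -m multiport --dports 21,22,23,80 -j DROP
"""
SHADOWED_RULES = """
-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.168.0.6/32 -p tcp -m multiport --dports 21,22,23,80 -j DROP
"""

# Ports the requirement in questions 12/13 asks to block for 192.168.0.6.
REQUIRED_PORTS = {21, 22, 23, 80}
BLOCKING_TARGETS = {"DROP", "REJECT"}


def expand_ports(spec):
    """Expand a port spec such as '21,22,23,80' or '20:22,80' into a set of ints."""
    ports = set()
    for part in spec.split(","):
        if ":" in part:
            low, high = part.split(":", 1)
            ports.update(range(int(low), int(high) + 1))
        else:
            ports.add(int(part))
    return ports


def parse_chain(text):
    """Return (policy, rules) for one chain dumped with `iptables -S`."""
    policy = "ACCEPT"
    rules = []
    for line in text.strip().splitlines():
        tokens = shlex.split(line)
        if not tokens:
            continue
        if tokens[0] == "-P":          # "-P INPUT ACCEPT"
            policy = tokens[2]
            continue
        if tokens[0] != "-A":          # only appended rules are modelled
            continue
        rule = {"src": None, "proto": None, "ports": None, "target": None}
        i = 2
        while i < len(tokens):
            tok = tokens[i]
            if tok == "-s":
                src = tokens[i + 1]
                if src.endswith("/32"):  # iptables prints hosts as a.b.c.d/32
                    src = src[:-3]
                rule["src"] = src
                i += 2
            elif tok == "-p":
                rule["proto"] = tokens[i + 1]
                i += 2
            elif tok in ("--dport", "--dports", "--destination-ports"):
                rule["ports"] = expand_ports(tokens[i + 1])
                i += 2
            elif tok == "-j":
                rule["target"] = tokens[i + 1]
                i += 2
            else:
                i += 1  # skip options this checker does not model (-m, -i, ...)
        rules.append(rule)
    return policy, rules


def verdict(policy, rules, src, port):
    """Target of the first rule matching a TCP packet from src to port, else the policy."""
    for rule in rules:
        if rule["src"] not in (None, src):
            continue
        if rule["proto"] not in (None, "tcp"):
            continue
        if rule["ports"] is not None and port not in rule["ports"]:
            continue
        return rule["target"]
    return policy


def blocked_ports(text, src, also=()):
    """Ports mentioned by any rule (plus `also`) whose verdict for src is DROP/REJECT."""
    policy, rules = parse_chain(text)
    candidates = set(also)
    for rule in rules:
        candidates |= rule["ports"] or set()
    return {p for p in candidates if verdict(policy, rules, src, p) in BLOCKING_TARGETS}


def check_requirement(text, src, required):
    """Return (missing, extra): required ports left open, and blocked ports not required."""
    blocked = blocked_ports(text, src, also=required)
    return required - blocked, blocked - required


if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL_RULES), ("corrected", CORRECTED_RULES),
                        ("shadowed", SHADOWED_RULES)):
        missing, extra = check_requirement(rules, "192.168.0.6", REQUIRED_PORTS)
        print(f"{name}: missing={sorted(missing)} extra={sorted(extra)}")
```

Run against the disputed rule it reports port 21 missing and 8080 as an unwanted extra; against the corrected rule both sets are empty. The third sample is the caveat the comments do not spell out: because iptables stops at the first match, an `ACCEPT` placed earlier in the chain silently reopens port 22 even though the DROP rule lists it, so reviewing `iptables -S` top to bottom matters as much as getting the port list right.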

  9. pal pandey says:

    Very good experience shared by you, it will enhance my skill about linux.

  10. satish says:

    Thanks Nishitha for the information.
