ExamTopics Logo
Mail Us[email protected]
Menu
Redhat Discussions
exam questions

Exam EX200 All Questions

View all questions & answers for the EX200 exam
Go to Exam

Exam EX200 topic 1 question 46 discussion

Actual exam question from RedHat's EX200
Question #: 46
Topic #: 1
[All EX200 Questions]

SIMULATION -
Configure iptables, there are two domains in the network, the address of local domain is 172.24.0.0/16 other domain is 172.25.0.0/16, now refuse domain
172.25.0.0/16 to access the server.

Show Suggested Answer Hide Answer
Suggested Answer: See explanation below.
iptables -F
service iptables save
iptables -A INPUT -s 172.25.0.0/16 -j REJECT
service iptables save
service iptables restart
by cytron at Nov. 11, 2020, 9:56 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
adolfoale
Highly Voted 1 year, 11 months ago
In RHEL8 # firewall-cmd --zone=block --add-source=172.25.0.0/16 --permanent # firewall-cmd --reload
upvoted 11 times
ArchBishop
1 year, 6 months ago
This answer seems to be incorrect, by the documentation standards I printed above. Unless I am interpreting wrong, your entry would do the following if the block zone was enabled: Block ALL Incoming Traffic except for that which exists within subnet 172.25.0.0/16.. all outgoing established connections are permitted. For this solution to work, you would need to permit the .24 subnet and all of the necessary ports utilized in this exam. the rich-rules are a better/quicker solution.
upvoted 1 times
badguy001djh
1 year, 4 months ago
--zone=block --add-source=172.25.0.0/16 means that rules of block zone would apply to the packets from 172.25.0.0/16. While other packets would still be applied the rule of public zone.Because the target of block zone is reject, any connection from 172.25.0.0/16 will be rejected.
upvoted 3 times
...
...
mdtjan
8 months, 2 weeks ago
this must be configure on the server side. Try to ping from the client, if it's configured successfully, it will show "packet filtered".
upvoted 1 times
...
...
Roldo97
Highly Voted 1 year, 11 months ago
To do this in RHEL8, you must use the command firewall-cmd. #firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='172.25.0.0/16' reject" --> Add the permanent rule to reject the whole network #firewall-cmd --reload --> Reload firewall rules #firewall-cmd --list-all --> List all loaded rules
upvoted 11 times
STFN2019
1 year, 2 months ago
This seems to be the most correct answer.
upvoted 1 times
...
...
hanienarimani
Most Recent 1 month, 1 week ago
The correct answer is : # firewall-cmd --zone=block --add-source=172.25.0.0/16 --permanent # firewall-cmd --reload Every packet that comes into a system is analyzed for its source address, and based on that source address, Firewalld analyzes whether or not the packet belongs to a specific zone. If not, the zone for the incoming network interface is used. If no specific zone is available, the packet is handled by the settings in the default zone.
upvoted 5 times
...
sugisho
1 year, 5 months ago
I think it's need only refuse access 172.25.0.0/16.so firewall-cmd --zone=drop --permanent --add-source=172.25.0.0/16
upvoted 1 times
...
ArchBishop
1 year, 6 months ago
After some research in the firewalld documentation: Block Zone: Any incoming network connections are rejected [...]. Only network connections initiated within this system are possible.
upvoted 1 times
...
ArchBishop
1 year, 6 months ago
Here is the thing that confuses me about the 2 solutions that have been provided in this discussion: adolfoale: Is this zone always active, or do you have to change the default/active zone to zone=block for this to work? As I understand it, this would only work if the block zone was active. Roldo: Your solution seems correct, I've just never used this solution before. what are your thoughts on adolfoale's solution? any other comments is really helpful. thanks much
upvoted 1 times
badguy001djh
1 year, 4 months ago
If you add source/interface to a zone, then that zone will active.
upvoted 1 times
...
...
adolfoale
1 year, 11 months ago
In RHEL8 # firewall-cmd --zone=block --add-source=172.25.0.0/16 --permanent # firewall-cmd --reload
upvoted 6 times
...
cytron
2 years, 1 month ago
There is no iptables in RHEL8 this need updating.
upvoted 8 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago