nerdexam
CompTIA

XK0-004 · Question #413

A systems administrator is required to allow only SSH access to the Linux servers from the 192.168.1.0/24 network. Which of the following iptables rules would accomplish this requirement?

The correct answer is B. Option B. Restricting SSH access to a specific subnet with iptables requires an ACCEPT rule for the authorized source network on port 22 followed by a DROP rule to block all other SSH attempts.

Security

Question

A systems administrator is required to allow only SSH access to the Linux servers from the 192.168.1.0/24 network. Which of the following iptables rules would accomplish this requirement?

Exhibit

XK0-004 question #413 exhibit

Options

  • AOption A
  • BOption B
  • COption C
  • DOption D

How the community answered

(26 responses)
  • A
    4% (1)
  • B
    85% (22)
  • C
    4% (1)
  • D
    8% (2)

Why each option

Restricting SSH access to a specific subnet with iptables requires an ACCEPT rule for the authorized source network on port 22 followed by a DROP rule to block all other SSH attempts.

AOption A

Option A likely omits the source subnet specification or uses incorrect syntax, which would either allow SSH from any host or fail to match traffic correctly.

BOption BCorrect

Option B correctly uses '-A INPUT -p tcp --dport 22 -s 192.168.1.0/24 -j ACCEPT' to permit SSH from the authorized subnet, then '-A INPUT -p tcp --dport 22 -j DROP' to deny all other sources. This leverages iptables sequential top-down rule evaluation - the subnet match fires first to allow authorized traffic, and the catch-all DROP blocks everything else on port 22.

COption C

Option C likely places the DROP rule before the ACCEPT rule, causing iptables to block all SSH traffic including from the 192.168.1.0/24 subnet due to first-match evaluation.

DOption D

Option D likely targets the wrong chain (such as OUTPUT instead of INPUT), uses an incorrect subnet mask, or applies to the wrong protocol, failing to enforce the source-based access restriction.

Concept tested: iptables INPUT chain rules restricting SSH access by source subnet

Source: https://linux.die.net/man/8/iptables

Topics

#iptables#firewall rules#SSH access control#network filtering

Community Discussion

No community discussion yet for this question.

Full XK0-004 Practice