XK0-004 · Question #479
A Linux administrator needs to implement a secunty policy that prevents all connections from the marketing department that has the IP subnet 10.10.10.0/24 from reaching the current server. Which of th
The correct answer is B. iptables -A input -s 10.10.10.0/24 -j ACCEFT. The marked answer B is incorrect. Option B uses -j ACCEFT (a typo for ACCEPT), which would allow traffic - the opposite of the goal. Option D (iptables -A input -s 10.10.10.0/24 -j DROP) is the correct approach: the INPUT chain handles packets destined for the local server, -s 10
Question
A Linux administrator needs to implement a secunty policy that prevents all connections from the marketing department that has the IP subnet 10.10.10.0/24 from reaching the current server. Which of the following commands can BEST accomplish this task?
Options
- Aiptables -A output -s 10.10.10.0/24 -j DROP
- Biptables -A input -s 10.10.10.0/24 -j ACCEFT
- Ciptables -A forward -s 10.10.10.0/24 -j ACCEPT
- Diptables -A input -s 10.10.10.0/24 -j DROP
How the community answered
(54 responses)- A4% (2)
- B94% (51)
- C2% (1)
Explanation
The marked answer B is incorrect. Option B uses -j ACCEFT (a typo for ACCEPT), which would allow traffic - the opposite of the goal. Option D (iptables -A input -s 10.10.10.0/24 -j DROP) is the correct approach: the INPUT chain handles packets destined for the local server, -s 10.10.10.0/24 matches the source subnet, and -j DROP silently discards the packets. Option A incorrectly uses the OUTPUT chain (which filters traffic leaving the server). Option C uses the FORWARD chain (for traffic routed through the server, not destined for it) and also uses ACCEPT. Note: iptables chain names must be uppercase in practice (INPUT, not input), but conceptually D is the only answer that correctly blocks inbound traffic from that subnet.
Topics
Community Discussion
No community discussion yet for this question.