XK0-005 Question #222: Real Exam Question with Answer & Explanation
The correct answer is C: iptables -A INPUT -m multiport -p tcp --dports 80,443 -j LOG. Order matters in iptables. You have to log before applying a rule. If the log rule is below the accept rule, the packet will not reach the log action. Also, "-A" appends the rule to the end of the chain and "-I" inserts the rule at the beginning of the chain. The only option that has the right order (log, then accept) is "C".
Question
A Linux administrator needs to configure a new firewall without an existing ACL to allow incoming web traffic. The firewall must log the allowed network traffic. Which of the following command sequences would accomplish this task when they are executed in order?
Options
- A. iptables -A INPUT -p tcp --dport 80 -j LOG
- B. iptables -I INPUT -m multiport -p tcp --dports 80,443 -j LOG
- C. iptables -A INPUT -m multiport -p tcp --dports 80,443 -j LOG
- D. iptables -A INPUT -p tcp --dport 80 -j ACCEPT
Explanation
Order matters in iptables. You have to log before applying a rule: LOG is a non-terminating target, so a matching packet continues to the next rule, while ACCEPT ends traversal of the chain. If the log rule is below the accept rule, the packet never reaches the log action. Also, "-A" appends the rule to the end of the chain and "-I" inserts the rule at the beginning of the chain. The only option that has the right order (log, then accept) is "C".
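The ordering rule above can be checked with a small model of chain traversal. This is an added example, not part of the original question: the function names, the command tuples and the DROP default policy are assumptions made for illustration, and the sequences are constructed rather than copied from the options.

```python
# Simplified model of how one iptables chain is evaluated (added example).
TERMINATING = {"ACCEPT", "DROP", "REJECT"}  # traversal stops at these targets

def add_rule(chain, command):
    """Apply a constructed (flag, ports, target) command to the chain."""
    flag, ports, target = command
    rule = (frozenset(ports), target)
    if flag == "-A":
        chain.append(rule)       # -A: append to the end of the chain
    elif flag == "-I":
        chain.insert(0, rule)    # -I without a rule number: insert at the top
    else:
        raise ValueError(f"unsupported flag: {flag}")

def build(commands):
    """Run the commands in order against an empty chain (no existing ACL)."""
    chain = []
    for command in commands:
        add_rule(chain, command)
    return chain

def traverse(chain, dport, policy="DROP"):
    """Return (verdict, logged) for one TCP packet; policy is an assumed default."""
    logged = False
    for ports, target in chain:
        if dport not in ports:
            continue
        if target == "LOG":
            logged = True            # LOG is non-terminating: keep walking
        elif target in TERMINATING:
            return target, logged    # rules below this one are never reached
    return policy, logged

WEB = (80, 443)
# Constructed sequences: the same two rules, entered in different ways.
LOG_THEN_ACCEPT_APPEND = [("-A", WEB, "LOG"), ("-A", WEB, "ACCEPT")]
LOG_THEN_ACCEPT_INSERT = [("-I", WEB, "LOG"), ("-I", WEB, "ACCEPT")]
ACCEPT_THEN_LOG_APPEND = [("-A", WEB, "ACCEPT"), ("-A", WEB, "LOG")]

if __name__ == "__main__":
    for name, cmds in [("append LOG, append ACCEPT", LOG_THEN_ACCEPT_APPEND),
                       ("insert LOG, insert ACCEPT", LOG_THEN_ACCEPT_INSERT),
                       ("append ACCEPT, append LOG", ACCEPT_THEN_LOG_APPEND)]:
        verdict, logged = traverse(build(cmds), 443)
        print(f"{name}: verdict={verdict}, logged={logged}")
```

Only the first sequence both accepts and logs web traffic; typing LOG first with "-I" still ends up with ACCEPT above it, because each insert goes to the top of the chain.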