INFA 620 Laboratory 4: Configuring a Firewall
In this exercise you will be working with firewalld (see
https://www.linode.com/docs/security/firewalls/introduction-to-firewalld-on-centos),
a front end for managing the Linux packet filter. On CentOS 7, firewalld
programs the kernel's netfilter rules through iptables. iptables is a
flexible firewall utility built for Linux (see
https://www.howtogeek.com/177621/the-beginners-guide-to-iptables-the-linux-firewall/),
but it is low level: every rule names a table, a chain, a match and a
target, and ordering mistakes are easy to make, so writing filtering
rules directly is hard. firewalld provides higher-level command line
and graphical interfaces over iptables to ease the pain of configuring
the firewall features provided by Linux. For this lab exercise we will
use only the command line interface, firewall-cmd. firewalld provides a
dynamically managed firewall with support for network/firewall "zones",
which assign a level of trust to a network and its associated
connections, interfaces or sources. It supports IPv4 and IPv6. It also
separates the runtime configuration, which takes effect immediately and
is lost when firewalld restarts, from the permanent configuration,
which is written to disk and loaded at start-up; unless told otherwise
(--permanent), firewall-cmd changes the runtime configuration only.
For this lab exercise we will be using two machines. One machine will
play the role of an Enterprise and the other will play the role of
machines outside the enterprise; we will call that machine External.
The firewall, running on the Enterprise machine, will control traffic
both coming into the enterprise from External and going out of the
enterprise to External.
NIXENT01 (Enterprise) is a CentOS 7 machine. CentOS is a Linux
distribution that attempts to provide a free, enterprise-class,
community-supported computing platform. firewalld will be running on
this host.
NIXEXT01 (External) is Kali Linux. Kali Linux is a Debian-based Linux
distribution aimed at advanced penetration testing and security
auditing. Kali contains several hundred tools geared towards various
information security tasks, such as penetration testing, security
research, computer forensics and reverse engineering. You have already
used this machine in Lab 2 and Lab 3 to analyze packets using
Wireshark. (Wireshark is available as part of the Kali distribution.)
Although there are only two machines, we are going to pretend that the
Enterprise has three machines (three IP addresses), each running
certain services, as follows:

NIXENT01 (Enterprise)
Service                               Associated IP Address
domain, telnet                        192.168.10.10
http, https                           192.168.10.20
ftp, imap2, imaps, pop3, pop3s, urd   192.168.10.30

Similarly, we are going to emulate three machines on the External
machine with three IP addresses, each running only certain services,
as follows:

NIXEXT01 (External)
Service                               Associated IP Address
domain, telnet                        192.168.10.210
http, https                           192.168.10.220
ftp, imap, imaps, pop3, pop3s, urd    192.168.10.230

The service names are the ones used in /etc/services, which is also
where the test script described below resolves them to port numbers.
imap2 and imap both denote port 143/tcp: Debian, and therefore Kali,
lists the port as imap2 with imap as an alias, while CentOS lists it as
imap with imap2 as an alias. urd is the /etc/services name for 465/tcp.
The instructions for using the remote UMUC machines in the DaaS
environment are provided in the Accessing Remote DaaS Lab page under
Course Content.
Allocating the Lab Machines
Once you open the Lab Broker using the instructions given in
the UMUC Digital Lab Access Instructions found under
Accessing Remote DaaS Lab under Course Content, you will see
a new window open. Each of your courses that have labs will
be listed here in the Lab Broker page.
1. Look for “INFA 620” and select “Nodes.”
2. Select "Allocate Lab" (this should take no more than 1 minute).
Please note: allocated lab resources expire in 7 days. If a lab
expires, work done within the lab machine.
Connecting to the Lab Machines
1. Within the Lab Broker interface, view the current allocated
nodes for INFA 620
2. Use the “Connect” button to initiate a connection to each of
the two machines:
3. When prompted, enter the course credentials:
a. Username: StudentFirst
b. Password: as given in the Accessing Remote DaaS Lab instructions
4. Proceed with the connection. You will need to re-enter the above
credentials.
Network Traffic Simulation Script
The network traffic simulation script lets you test the path to a lab
machine by sending test packets from a terminal. It is a bash script
that takes two arguments: a target IP address (-t) and the name of any
service (-s) listed in /etc/services, which it resolves to a port
number. The script can be run on either machine to generate traffic
toward the other.
To run the script:
1. Open a Terminal window.
2. Enter the command sudo /usr/local/sbin/traffic_test -t <target IP>
-s <service>
a. Target IP and service are taken from the Enterprise and External
tables above.
b. http example: sudo /usr/local/sbin/traffic_test -t 192.168.10.20 -s
http (run on External, since we are generating traffic to reach
192.168.10.20).
3. Enter the password for the StudentFirst user.
4. The script sends five TCP SYN probes to the target port (the output
is hping's; "S set" means the SYN flag) and displays the results. A
reply line with flags=SA is a SYN/ACK, meaning the probe reached the
target and the port answered. "100% packet loss" means no reply came
back at all; since the emulated services are running, that means the
firewall blocked the probe.
The firewall is initially set up to deny by default, so no traffic will
be admitted in either direction until we explicitly change the firewall
rules. The two directions fail differently: inbound probes are silently
dropped (the test reports 100% packet loss), whereas outbound packets
are rejected on the sending host itself, so the sending program gets
an error instead of a timeout. Both behaviours can be read off the
iptables listing at the end of this document: the IN_daaslab zone
chain ends in DROP and the OUTPUT_direct chain ends in REJECT.
Filtering Incoming Traffic
We will show by one example how to configure http traffic coming into
192.168.10.20. Before we do that, let us verify that no http is coming
in.
Initial State Test (You are generating traffic from External to reach
Enterprise.)
EXAMPLE: Incoming traffic to Enterprise on http port not allowed
StudentFirst@NIXEXT01:~$ sudo /usr/local/sbin/traffic_test -t 192.168.10.20 -s http
[sudo] password for StudentFirst:
HPING 192.168.10.20 (daaslab 192.168.10.20): S set, 40 headers + 0 data bytes
--- 192.168.10.20 hping statistic ---
5 packets transmitted, 0 packets received, 100% packet loss
round-trip min/avg/max = 0.0/0.0/0.0 ms
StudentFirst@NIXEXT01:~$
Let us add an incoming traffic rule to the firewall to allow http
traffic to 192.168.10.20.
Adding inbound rules to the daaslab zone (firewall rules are always
added on the Enterprise machine; daaslab is the zone the lab network
interface is assigned to, so rules in it apply to traffic arriving on
that interface)
[StudentFirst@NIXENT01 ~]$ sudo firewall-cmd --zone=daaslab --add-rich-rule='rule family="ipv4" destination address="192.168.10.20/32" port protocol="tcp" port="80" accept'
[sudo] password for StudentFirst:
success
The rule accepts new TCP connections to port 80 on 192.168.10.20 and
nothing else; the reply packets of connections that have been accepted
are matched by the RELATED,ESTABLISHED rule near the top of the INPUT
chain, so no separate rule is needed for them. Because --permanent was
not given, the rule lives in the runtime configuration only.
You can verify that the rule was added as follows:
[StudentFirst@NIXENT01 ~]$ sudo firewall-cmd --zone=daaslab --list-rich-rules
rule family="ipv4" destination address="192.168.10.20/32" port port="80" protocol="tcp" accept
[StudentFirst@NIXENT01 ~]$
Note that firewalld prints the rule in its own canonical order (port
before protocol), not in the order you typed it; keep that in mind if
you compare a listing against expected output with a script.
Test the effect of the new rule added:
EXAMPLE: Incoming traffic to Enterprise on http port is now allowed
StudentFirst@NIXEXT01:~$ sudo /usr/local/sbin/traffic_test -t 192.168.10.20 -s http
[sudo] password for StudentFirst:
HPING 192.168.10.20 (daaslab 192.168.10.20): S set, 40 headers + 0 data bytes
len=44 ip=192.168.10.20 ttl=64 DF id=0 sport=80 flags=SA seq=0 win=29200 rtt=3.9 ms
len=44 ip=192.168.10.20 ttl=64 DF id=0 sport=80 flags=SA seq=1 win=29200 rtt=3.8 ms
len=44 ip=192.168.10.20 ttl=64 DF id=0 sport=80 flags=SA seq=2 win=29200 rtt=3.7 ms
len=44 ip=192.168.10.20 ttl=64 DF id=0 sport=80 flags=SA seq=3 win=29200 rtt=3.6 ms
len=44 ip=192.168.10.20 ttl=64 DF id=0 sport=80 flags=SA seq=4 win=29200 rtt=3.5 ms
--- 192.168.10.20 hping statistic ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 3.5/3.7/3.9 ms
StudentFirst@NIXEXT01:~$
As you can see, inbound http traffic to 192.168.10.20 is now allowed:
every SYN probe was answered with a SYN/ACK (flags=SA) from port 80.
On your own now, configure rules to allow the following nine services
(45 Points):
https to 192.168.10.20
domain and telnet to 192.168.10.10
ftp, imap2, imaps, pop3, pop3s, and urd to 192.168.10.30
Domain is the /etc/services name for DNS (Domain Name System). Look the
port numbers up on the lab machine rather than guessing: grep the
service name in /etc/services, or run getent services <name>. Note
that ftp needs two rules, one for the control port (ftp, 21) and one
for the data port (ftp-data, 20), which is why the expected listing
below has eleven rules for ten service names. All rules are TCP
because the test script sends TCP SYN probes; a real DNS server would
also need 53/udp opened.
Before you configure, first make sure, using the test script, that
these traffic types are not allowed to the respective hosts. After
configuring them, make sure they are allowed to the respective hosts.
Also verify that the rules were added using sudo firewall-cmd
--zone=daaslab --list-rich-rules. There should be one rule for each
port opened. If you have done this correctly, this is what will be
listed:
rule family="ipv4" destination address="192.168.10.20/32" port
port="80" protocol="tcp" accept
rule family="ipv4" destination address="192.168.10.20/32" port
port="443" protocol="tcp" accept
rule family="ipv4" destination address="192.168.10.10/32" port
port="23" protocol="tcp" accept
rule family="ipv4" destination address="192.168.10.10/32" port
port="53" protocol="tcp" accept
rule family="ipv4" destination address="192.168.10.30/32" port
port="20" protocol="tcp" accept
rule family="ipv4" destination address="192.168.10.30/32" port
port="21" protocol="tcp" accept
rule family="ipv4" destination address="192.168.10.30/32" port
port="143" protocol="tcp" accept
rule family="ipv4" destination address="192.168.10.30/32" port
port="993" protocol="tcp" accept
rule family="ipv4" destination address="192.168.10.30/32" port
port="110" protocol="tcp" accept
rule family="ipv4" destination address="192.168.10.30/32" port
port="995" protocol="tcp" accept
rule family="ipv4" destination address="192.168.10.30/32" port
port="465" protocol="tcp" accept
Outgoing Traffic
Initial State Test
Outgoing traffic to External on http port not allowed (You are
generating traffic from Enterprise to reach External.)
[StudentFirst@NIXENT01 ~]$ sudo /usr/local/sbin/traffic_test -t 192.168.10.220 -s http
[sudo] password for StudentFirst:
HPING 192.168.10.220 (daaslab 192.168.10.220): S set, 40 headers + 0 data bytes
[send_ip] sendto: Operation not permitted
[StudentFirst@NIXENT01 ~]$
The failure looks different from the inbound case: because the OUTPUT
chain rejects the packet on the sending host itself, the sendto()
system call fails with "Operation not permitted" (EPERM) and hping
stops immediately, rather than sending five probes and waiting for
replies that never come.
Adding an outgoing traffic rule to the firewall
Outbound rules are added as firewalld "direct" rules, which are handed
to iptables almost verbatim: after the address family, table, chain
and priority, the remaining arguments are ordinary iptables match and
target options. firewalld orders direct rules by ascending priority,
so a rule at priority 1 lands ahead of the REJECT rule that closes the
OUTPUT_direct chain (see the iptables listing below).
Via the Terminal
[StudentFirst@NIXENT01 ~]$ sudo firewall-cmd --direct --add-rule ipv4 filter OUTPUT 1 -p tcp -m tcp --dport 80 -j ACCEPT
success
[StudentFirst@NIXENT01 ~]$
Note that, unlike the inbound rich rule, this rule is not restricted to
one destination host: it permits outbound TCP to port 80 anywhere. To
mirror the per-host External table, add a destination match
(-d 192.168.10.220/32) before --dport.
Outbound Rules Test
Outgoing traffic to External on http port allowed
[StudentFirst@NIXENT01 ~]$ sudo /usr/local/sbin/traffic_test -t 192.168.10.220 -s http
[sudo] password for StudentFirst:
HPING 192.168.10.220 (daaslab 192.168.10.220): S set, 40 headers + 0 data bytes
len=44 ip=192.168.10.220 ttl=64 DF id=0 sport=80 flags=SA seq=0 win=29200 rtt=1.9 ms
len=44 ip=192.168.10.220 ttl=64 DF id=0 sport=80 flags=SA seq=1 win=29200 rtt=2.0 ms
len=44 ip=192.168.10.220 ttl=64 DF id=0 sport=80 flags=SA seq=2 win=29200 rtt=3.8 ms
len=44 ip=192.168.10.220 ttl=64 DF id=0 sport=80 flags=SA seq=3 win=29200 rtt=2.0 ms
len=44 ip=192.168.10.220 ttl=64 DF id=0 sport=80 flags=SA seq=4 win=29200 rtt=2.0 ms
--- 192.168.10.220 hping statistic ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 1.9/2.3/3.8 ms
[StudentFirst@NIXENT01 ~]$
On your own now, configure rules to allow the following nine services
(45 Points):
https to 192.168.10.220
domain and telnet to 192.168.10.210
ftp, imap2, imaps, pop3, pop3s and urd to 192.168.10.230
Before you configure, first make sure, using the test script, that
these traffic types are not allowed to the respective hosts. After
configuring them, make sure they are allowed to the respective hosts.
Direct rules are not shown by --list-rich-rules; list them with sudo
firewall-cmd --direct --get-all-rules. As on the inbound side, ftp
needs both ftp-data (20) and ftp (21).
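The two "on your own" tasks above, nine inbound services and nine outbound services, are repetitive and easy to mistype, and the listing you are asked to compare against is printed by firewalld in its own canonical order. The script below is an added example; it is not part of the lab handout and is not the traffic_test script. It resolves service names to ports the way the lab does (from /etc/services), prints the firewall-cmd commands for both directions, and checks a --list-rich-rules listing for missing rules. It assumes the zone name daaslab, priority 1 for the direct rules and the service tables from this handout; its copy of /etc/services is a constructed excerpt so that it runs offline, and the file name lab4_rules.sh used below is just an assumed name. It goes beyond the handout's example in one place: the outbound direct rules carry -d <host>/32 so each port is opened only toward the External host that serves it.

```shell
#!/usr/bin/env bash
# Added example, not part of the INFA 620 handout or the traffic_test script.
# Builds, prints and verifies the lab's firewall rules from the service tables.
# Assumptions from the handout: zone "daaslab", direct rules at priority 1 in
# OUTPUT, and the per-host service tables. SERVICES_DB is a constructed excerpt
# of /etc/services so the script runs offline; on the lab machines the real
# file (or `getent services NAME`) is the authoritative source.
set -u

ZONE=daaslab

# Constructed /etc/services excerpt. Debian/Kali names port 143 "imap2" with
# alias "imap"; CentOS names it "imap" with alias "imap2". Matching aliases as
# well as the first column makes either spelling resolve.
SERVICES_DB='ftp-data  20/tcp
ftp       21/tcp
telnet    23/tcp
domain    53/tcp
domain    53/udp
http      80/tcp   www
pop3      110/tcp  pop-3
imap      143/tcp  imap2
https     443/tcp
urd       465/tcp  ssmtp smtps
imaps     993/tcp
pop3s     995/tcp'

# port_for NAME [PROTO]: print the port for NAME (name or alias) over PROTO
# (default tcp); exit status 1 if there is no such service.
port_for() {
  printf '%s\n' "$SERVICES_DB" | awk -v n="$1" -v p="${2:-tcp}" '
    /^[[:space:]]*#/ || NF < 2 { next }
    {
      split($2, pp, "/")
      if (pp[2] != p) next
      for (i = 1; i <= NF; i++) {
        if (i == 2) continue
        if ($i ~ /^#/) break
        if ($i == n) { print pp[1]; found = 1; exit }
      }
    }
    END { exit (found ? 0 : 1) }'
}

# rich_rule HOST SERVICE: inbound rich rule, written in the order firewalld
# prints it (port before protocol) so generated and listed rules compare
# byte for byte.
rich_rule() {
  local port
  port=$(port_for "$2") || { echo "unknown tcp service: $2" >&2; return 1; }
  printf 'rule family="ipv4" destination address="%s/32" port port="%s" protocol="tcp" accept\n' "$1" "$port"
}

# direct_rule HOST SERVICE: outbound direct rule as in the handout, plus
# -d HOST/32 so the port is opened only toward the intended External host.
direct_rule() {
  local port
  port=$(port_for "$2") || { echo "unknown tcp service: $2" >&2; return 1; }
  printf 'ipv4 filter OUTPUT 1 -p tcp -m tcp -d %s/32 --dport %s -j ACCEPT\n' "$1" "$port"
}

# Service tables from the handout, one HOST:svc,svc,... entry per line. ftp is
# split into ftp-data and ftp because the expected listing has both 20 and 21.
INBOUND='192.168.10.20:http,https
192.168.10.10:domain,telnet
192.168.10.30:ftp-data,ftp,imap,imaps,pop3,pop3s,urd'
OUTBOUND='192.168.10.220:http,https
192.168.10.210:domain,telnet
192.168.10.230:ftp-data,ftp,imap,imaps,pop3,pop3s,urd'

# for_each_entry TABLE FUNC: run FUNC HOST SERVICE for every service in TABLE.
for_each_entry() {
  local line host svc
  printf '%s\n' "$1" | while IFS= read -r line; do
    [ -n "$line" ] || continue
    host=${line%%:*}
    for svc in $(printf '%s' "${line#*:}" | tr ',' ' '); do
      "$2" "$host" "$svc" || exit 1
    done
  done
}

expected_inbound() { for_each_entry "$INBOUND" rich_rule; }

# add_commands: the firewall-cmd lines to run as root on the Enterprise host.
add_commands() {
  expected_inbound | sed "s/.*/firewall-cmd --zone=$ZONE --add-rich-rule='&'/"
  for_each_entry "$OUTBOUND" direct_rule | sed 's/.*/firewall-cmd --direct --add-rule &/'
}

# missing_rules LISTING: expected inbound rules absent from LISTING, the text
# of `firewall-cmd --zone=daaslab --list-rich-rules`. No output: all present.
missing_rules() {
  expected_inbound | LISTING="$1" awk '
    BEGIN { n = split(ENVIRON["LISTING"], l, "\n"); for (i = 1; i <= n; i++) seen[l[i]] = 1 }
    !($0 in seen)'
}

case "${1:-}" in
  plan)  add_commands ;;
  check) missing_rules "$(firewall-cmd --zone="$ZONE" --list-rich-rules)" ;;
esac
```

Run bash lab4_rules.sh plan on the Enterprise machine to see the twenty-two commands, pipe that output to sudo sh to apply them, then run sudo bash lab4_rules.sh check: no output means every expected inbound rule is present in the listing. The direct rules are not covered by the check, because they do not appear in --list-rich-rules; confirm those with sudo firewall-cmd --direct --get-all-rules.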
Miscellaneous Tasks
Making Rules Persistent (not needed for this lab exercise)
Everything added so far is runtime configuration and disappears when
firewalld is reloaded or the machine reboots. To copy the current
runtime configuration into the permanent configuration, run:
[StudentFirst@NIXENT01 ~]$ sudo firewall-cmd --runtime-to-permanent
success
[StudentFirst@NIXENT01 ~]$
You can view the iptables rules that firewalld has generated with sudo
iptables -L (add -n to see port numbers instead of service names). In
the example below, the entries we have just added are the ACCEPT lines
in the IN_daaslab_allow chain (the rich rules) and in the OUTPUT_direct
chain (the direct rules); everything else is firewalld's standard chain
layout.
Viewing the IP Tables
Viewing iptables rules (just an example output)
Chain INPUT (policy ACCEPT)
target              prot opt source    destination
ACCEPT              udp  --  anywhere  anywhere    multiport dports rfe
ACCEPT              all  --  anywhere  anywhere    ctstate RELATED,ESTABLISHED
ACCEPT              all  --  anywhere  anywhere
INPUT_direct        all  --  anywhere  anywhere
INPUT_ZONES_SOURCE  all  --  anywhere  anywhere
INPUT_ZONES         all  --  anywhere  anywhere
DROP                all  --  anywhere  anywhere    ctstate INVALID
REJECT              all  --  anywhere  anywhere    reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target                    prot opt source    destination
ACCEPT                    all  --  anywhere  anywhere    ctstate RELATED,ESTABLISHED
ACCEPT                    all  --  anywhere  anywhere
FORWARD_direct            all  --  anywhere  anywhere
FORWARD_IN_ZONES_SOURCE   all  --  anywhere  anywhere
FORWARD_IN_ZONES          all  --  anywhere  anywhere
FORWARD_OUT_ZONES_SOURCE  all  --  anywhere  anywhere
FORWARD_OUT_ZONES         all  --  anywhere  anywhere
DROP                      all  --  anywhere  anywhere    ctstate INVALID
REJECT                    all  --  anywhere  anywhere    reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target         prot opt source    destination
OUTPUT_direct  all  --  anywhere  anywhere

Chain FORWARD_IN_ZONES (1 references)
target        prot opt source    destination
FWDI_daaslab  all  --  anywhere  anywhere
FWDI_trusted  all  --  anywhere  anywhere
FWDI_trusted  all  --  anywhere  anywhere

Chain FORWARD_IN_ZONES_SOURCE (1 references)
target  prot opt source  destination

Chain FORWARD_OUT_ZONES (1 references)
target        prot opt source    destination
FWDO_daaslab  all  --  anywhere  anywhere
FWDO_trusted  all  --  anywhere  anywhere
FWDO_trusted  all  --  anywhere  anywhere

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target  prot opt source  destination

Chain FORWARD_direct (1 references)
target  prot opt source  destination

Chain FWDI_daaslab (1 references)
target              prot opt source    destination
FWDI_daaslab_log    all  --  anywhere  anywhere
FWDI_daaslab_deny   all  --  anywhere  anywhere
FWDI_daaslab_allow  all  --  anywhere  anywhere
DROP                all  --  anywhere  anywhere

Chain FWDI_daaslab_allow (1 references)
target  prot opt source  destination

Chain FWDI_daaslab_deny (1 references)
target  prot opt source  destination

Chain FWDI_daaslab_log (1 references)
target  prot opt source  destination

Chain FWDI_trusted (2 references)
target              prot opt source    destination
FWDI_trusted_log    all  --  anywhere  anywhere
FWDI_trusted_deny   all  --  anywhere  anywhere
FWDI_trusted_allow  all  --  anywhere  anywhere
ACCEPT              all  --  anywhere  anywhere

Chain FWDI_trusted_allow (1 references)
target  prot opt source  destination

Chain FWDI_trusted_deny (1 references)
target  prot opt source  destination

Chain FWDI_trusted_log (1 references)
target  prot opt source  destination

Chain FWDO_daaslab (1 references)
target              prot opt source    destination
FWDO_daaslab_log    all  --  anywhere  anywhere
FWDO_daaslab_deny   all  --  anywhere  anywhere
FWDO_daaslab_allow  all  --  anywhere  anywhere
DROP                all  --  anywhere  anywhere

Chain FWDO_daaslab_allow (1 references)
target  prot opt source  destination

Chain FWDO_daaslab_deny (1 references)
target  prot opt source  destination

Chain FWDO_daaslab_log (1 references)
target  prot opt source  destination

Chain FWDO_trusted (2 references)
target              prot opt source    destination
FWDO_trusted_log    all  --  anywhere  anywhere
FWDO_trusted_deny   all  --  anywhere  anywhere
FWDO_trusted_allow  all  --  anywhere  anywhere
ACCEPT              all  --  anywhere  anywhere

Chain FWDO_trusted_allow (1 references)
target  prot opt source  destination

Chain FWDO_trusted_deny (1 references)
target  prot opt source  destination

Chain FWDO_trusted_log (1 references)
target  prot opt source  destination

Chain INPUT_ZONES (1 references)
target      prot opt source    destination
IN_daaslab  all  --  anywhere  anywhere
IN_trusted  all  --  anywhere  anywhere
IN_trusted  all  --  anywhere  anywhere

Chain INPUT_ZONES_SOURCE (1 references)
target  prot opt source  destination

Chain INPUT_direct (1 references)
target  prot opt source  destination

Chain IN_daaslab (1 references)
target            prot opt source    destination
IN_daaslab_log    all  --  anywhere  anywhere
IN_daaslab_deny   all  --  anywhere  anywhere
IN_daaslab_allow  all  --  anywhere  anywhere
DROP              all  --  anywhere  anywhere

Chain IN_daaslab_allow (1 references)
target  prot opt source    destination
ACCEPT  tcp  --  anywhere  ip-192-168-10-20.ec2.internal  tcp dpt:http      ctstate NEW
ACCEPT  tcp  --  anywhere  ip-192-168-10-20.ec2.internal  tcp dpt:https     ctstate NEW
ACCEPT  tcp  --  anywhere  ip-192-168-10-10.ec2.internal  tcp dpt:telnet    ctstate NEW
ACCEPT  tcp  --  anywhere  ip-192-168-10-10.ec2.internal  tcp dpt:domain    ctstate NEW
ACCEPT  tcp  --  anywhere  ip-192-168-10-30.ec2.internal  tcp dpt:ftp-data  ctstate NEW
ACCEPT  tcp  --  anywhere  ip-192-168-10-30.ec2.internal  tcp dpt:ftp       ctstate NEW
ACCEPT  tcp  --  anywhere  ip-192-168-10-30.ec2.internal  tcp dpt:imap      ctstate NEW
ACCEPT  tcp  --  anywhere  ip-192-168-10-30.ec2.internal  tcp dpt:imaps     ctstate NEW
ACCEPT  tcp  --  anywhere  ip-192-168-10-30.ec2.internal  tcp dpt:pop3      ctstate NEW
ACCEPT  tcp  --  anywhere  ip-192-168-10-30.ec2.internal  tcp dpt:pop3s     ctstate NEW
ACCEPT  tcp  --  anywhere  ip-192-168-10-30.ec2.internal  tcp dpt:urd       ctstate NEW

Chain IN_daaslab_deny (1 references)
target  prot opt source  destination

Chain IN_daaslab_log (1 references)
target  prot opt source  destination

Chain IN_trusted (2 references)
target            prot opt source    destination
IN_trusted_log    all  --  anywhere  anywhere
IN_trusted_deny   all  --  anywhere  anywhere
IN_trusted_allow  all  --  anywhere  anywhere
ACCEPT            all  --  anywhere  anywhere

Chain IN_trusted_allow (1 references)
target  prot opt source  destination

Chain IN_trusted_deny (1 references)
target  prot opt source  destination

Chain IN_trusted_log (1 references)
target  prot opt source  destination

Chain OUTPUT_direct (1 references)
target  prot opt source    destination
ACCEPT  all  --  anywhere  anywhere    ctstate RELATED,ESTABLISHED
ACCEPT  tcp  --  anywhere  anywhere    tcp dpt:http
ACCEPT  tcp  --  anywhere  anywhere    tcp dpt:https
ACCEPT  tcp  --  anywhere  anywhere    tcp dpt:telnet
ACCEPT  tcp  --  anywhere  anywhere    tcp dpt:domain
ACCEPT  tcp  --  anywhere  anywhere    tcp dpt:ftp-data
ACCEPT  tcp  --  anywhere  anywhere    tcp dpt:imap
ACCEPT  tcp  --  anywhere  anywhere    tcp dpt:pop3
ACCEPT  tcp  --  anywhere  anywhere    tcp dpt:pop3s
ACCEPT  tcp  --  anywhere  anywhere    tcp dpt:urd
ACCEPT  tcp  --  anywhere  anywhere    tcp dpt:ftp
ACCEPT  tcp  --  anywhere  anywhere    tcp dpt:imaps
REJECT  all  --  anywhere  anywhere    reject-with icmp-host-prohibited
[StudentFirst@NIXENT01 ~]$
Export the iptables rules, as illustrated below (for submission)
Exporting iptables rules
[StudentFirst@NIXENT01 ~]$ sudo iptables-save > ~/Desktop/iptables_rules-May17-17.txt
[sudo] password for StudentFirst:
[StudentFirst@NIXENT01 ~]$
Transfer this file, iptables_rules-May17-17.txt, first to the
workspace Desktop. From there, you can email the file to yourself using
the Chrome browser and then submit it to the Lab 4 folder in the
classroom.
(10 Points) Also, provide a short summary of your experience of
using DaaS for this Lab (Difficulties you have encountered,
what worked, what did not work, etc.)
Luthans and Doh (2012) discuss three major techniques for responding.docx
 
Lyddie by Katherine Paterson1. If you were Lyddie how would you h.docx
Lyddie by Katherine Paterson1. If you were Lyddie how would you h.docxLyddie by Katherine Paterson1. If you were Lyddie how would you h.docx
Lyddie by Katherine Paterson1. If you were Lyddie how would you h.docx
 
Luthans and Doh (2012) discuss feedback systems. Why is it important.docx
Luthans and Doh (2012) discuss feedback systems. Why is it important.docxLuthans and Doh (2012) discuss feedback systems. Why is it important.docx
Luthans and Doh (2012) discuss feedback systems. Why is it important.docx
 
Luthans and Doh (2012) discuss factors affecting decision-making aut.docx
Luthans and Doh (2012) discuss factors affecting decision-making aut.docxLuthans and Doh (2012) discuss factors affecting decision-making aut.docx
Luthans and Doh (2012) discuss factors affecting decision-making aut.docx
 

Recently uploaded

“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...Marc Dusseiller Dusjagr
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course  for BeginnersFull Stack Web Development Course  for Beginners
Full Stack Web Development Course for BeginnersSabitha Banu
 
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...M56BOOKSTORE PRODUCT/SERVICE
 
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxEPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxRaymartEstabillo3
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxiammrhaywood
 
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfEnzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfSumit Tiwari
 
Hierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementHierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementmkooblal
 
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfFraming an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfUjwalaBharambe
 
भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,Virag Sontakke
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Celine George
 
internship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developerinternship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developerunnathinaik
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxmanuelaromero2013
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTiammrhaywood
 
Capitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptxCapitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptxCapitolTechU
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatYousafMalik24
 
Painted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaPainted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaVirag Sontakke
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17Celine George
 
Meghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentMeghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentInMediaRes1
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon AUnboundStockton
 

Recently uploaded (20)

“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course  for BeginnersFull Stack Web Development Course  for Beginners
Full Stack Web Development Course for Beginners
 
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
 
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxEPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
 
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfEnzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
 
Hierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementHierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of management
 
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfFraming an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
 
भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17
 
internship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developerinternship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developer
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptx
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
 
Capitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptxCapitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptx
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice great
 
Painted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaPainted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of India
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17
 
Meghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentMeghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media Component
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon A
 

INFA 620 Laboratory 4: Configuring a Firewall

In this exercise you will be working with firewalld (see https://www.linode.com/docs/security/firewalls/introduction-to-firewalld-on-centos), a front end for controlling iptables. iptables is a flexible firewall utility built for Linux operating systems (see https://www.howtogeek.com/177621/the-beginners-guide-to-iptables-the-linux-firewall/). It is very low level, however, and as such hard to use when writing the rules that filter traffic. firewalld provides higher-level command-line and graphical interfaces over iptables to ease the pain of configuring the firewall features provided by Linux. For this lab exercise we will use only the high-level command-line interface. firewalld provides a dynamically managed firewall with support for network/firewall "zones", which assign a level of trust to a network and its associated connections, interfaces or sources. It supports IPv4 and IPv6, and it keeps the runtime configuration separate from the permanent configuration: a rule added without --permanent takes effect immediately but is discarded when firewalld is reloaded or the host reboots.

For this lab exercise we will be using two machines: one behaves like an Enterprise, and the other behaves like machines outside the enterprise, which we call External. The firewall, as part of the Enterprise, controls traffic both coming into the Enterprise and going out of it (to External).

NIXENT01 (Enterprise) is a CentOS 7 machine. CentOS is a Linux distribution that attempts to provide a free, enterprise-class, community-supported computing platform. firewalld will be running on this host.
NIXEXT01 (External) is Kali Linux. Kali Linux is a Debian-based Linux distribution aimed at advanced penetration testing and security auditing. Kali contains several hundred tools geared towards various information security tasks, such as penetration testing, security research, computer forensics and reverse engineering. You have already used this machine for Lab 2 and Lab 3 in analyzing packets using Wireshark. (Wireshark is available as part of the Kali distribution.)

Although there are only two machines, we are going to pretend that the Enterprise has three machines (three IP addresses), each running certain services, as follows:

NIXENT01 (Enterprise)

    Service                                 Associated IP Address
    domain, telnet                          192.168.10.10
    http, https                             192.168.10.20
    ftp, imap2, imaps, pop3, pop3s, urd     192.168.10.30

Similarly, we are going to emulate three machines on the External machine with three IP addresses, each running only certain services, as follows:

NIXEXT01 (External)

    Service                                 Associated IP Address
    domain, telnet                          192.168.10.210
    http, https                             192.168.10.220
    ftp, imap, imaps, pop3, pop3s, urd      192.168.10.230

The service names are the ones the traffic script resolves against /etc/services on the machine that runs it. imap2 (the Debian name for TCP port 143) and imap (the CentOS name) are the same port; the firewall rules you write are by port number, so the name only has to exist in /etc/services of the host running the script.

The instructions for using the remote UMUC machines in the DaaS environment are provided in Accessing Remote DaaS Lab under Course Content.

Allocating the Lab Machines

Once you open the Lab Broker using the instructions given in the UMUC Digital Lab Access Instructions (found under Accessing Remote DaaS Lab under Course Content), a new window opens. Each of your courses that has labs is listed on the Lab Broker page.
1. Look for "INFA 620" and select "Nodes."
2. Select "Allocate Lab." This should take no more than 1 minute.

Please note: allocated lab resources expire in 7 days. If a lab expires, work done within the lab machine.

Connecting to the Lab Machines
1. Within the Lab Broker interface, view the currently allocated nodes for INFA 620.
2. Use the "Connect" button to initiate a connection to each of the two machines.
3. When prompted, enter the course credentials:
   a. Username: StudentFirst
   b. Password: [email protected]
4. Proceed with the connection. You will need to re-enter the above credentials.

Network Traffic Simulation Script

The network traffic simulation script lets you test paths to the lab machines by sending test packets from the terminal. The script takes two inputs (an IP address and a service name) and uses them to initiate a test. It is implemented as a bash script. It accepts a target IP (-t) and any service name (-s) listed in /etc/services on the machine it runs on. The script can be run on either machine to generate traffic for the other machine.
To run the script:
1. Open a Terminal window.
2. Enter the command: sudo /usr/local/sbin/traffic_test -t <target IP> -s <service>
   a. Target IP and service are taken from the Enterprise and External tables above.
   b. http example: sudo /usr/local/sbin/traffic_test -t 192.168.10.20 -s http (run on External, since we are generating traffic to reach 192.168.10.20).
3. Input the password for the StudentFirst user: [email protected]
4. The script will then run a 5-packet test and display the results.

The script wraps hping and sends TCP SYN probes ("S set" in its output), so it exercises TCP only. Keep that in mind for domain: the rules you write for port 53 in this lab are TCP rules, and UDP 53, which carries most real DNS traffic, is never tested here.

The firewall is initially set up to deny by default, so no traffic is admitted in either direction until we explicitly change the firewall rules.

Filtering Incoming Traffic

We will show by one example how to configure the http traffic coming into 192.168.10.20. Before we do that, let us verify that no http is coming in.

Initial State Test (you are generating traffic from External to reach Enterprise)

EXAMPLE: Incoming traffic to Enterprise on http port not allowed

    (on External)
    $ sudo /usr/local/sbin/traffic_test -t 192.168.10.20 -s http
    [sudo] password for StudentFirst:
    HPING 192.168.10.20 (daaslab 192.168.10.20): S set, 40 headers + 0 data bytes

    --- 192.168.10.20 hping statistic ---
    5 packets transmitted, 0 packets received, 100% packet loss
    round-trip min/avg/max = 0.0/0.0/0.0 ms
    $

100% packet loss means the SYNs were silently dropped (the daaslab zone chain ends in DROP, as the iptables listing later in this document shows). A port that is reachable but has nothing listening would instead answer with a RST, which hping reports as flags=RA.
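Every check in this lab comes down to reading a traffic_test run, and the hping output says more than allowed or blocked. The following shell snippet is an added example, not part of the lab handout or of the traffic_test script: it classifies a captured run into one of four verdicts. The sample transcripts are constructed; the dropped, open and egress cases mirror the outputs shown in this document, and the flags=RA case is what a reachable port with no listener returns.

```shell
#!/bin/sh
# Added example: classify the output of one traffic_test (hping) run.
#   flags=SA                 SYN/ACK came back: firewall allowed it and a service listens
#   flags=RA                 RST came back: firewall allowed it, nothing listens on the port
#   100% packet loss         no reply at all: dropped in transit (daaslab zone ends in DROP)
#   Operation not permitted  rejected by this host's own OUTPUT chain before it left

classify_probe() {   # $1 = captured traffic_test output -> one verdict word
    case $1 in
        *"Operation not permitted"*) echo blocked-egress ;;
        *"flags=SA"*)                echo allowed-open ;;
        *"flags=RA"*)                echo allowed-closed ;;
        *"100% packet loss"*)        echo filtered ;;
        *)                           echo unknown ;;
    esac
}

expect_verdict() {   # $1 = expected verdict, $2 = captured output -> status 0 on match
    # Handy for scripted before/after checks: expect "filtered" before adding a
    # rule and "allowed-open" after it.
    [ "$(classify_probe "$2")" = "$1" ]
}

# Constructed transcripts (modelled on the outputs in this document).
PROBE_DROPPED='HPING 192.168.10.20 (daaslab 192.168.10.20): S set, 40 headers + 0 data bytes

--- 192.168.10.20 hping statistic ---
5 packets transmitted, 0 packets received, 100% packet loss
round-trip min/avg/max = 0.0/0.0/0.0 ms'

PROBE_OPEN='HPING 192.168.10.20 (daaslab 192.168.10.20): S set, 40 headers + 0 data bytes
len=44 ip=192.168.10.20 ttl=64 DF id=0 sport=80 flags=SA seq=0 win=29200 rtt=3.9 ms
len=44 ip=192.168.10.20 ttl=64 DF id=0 sport=80 flags=SA seq=1 win=29200 rtt=3.8 ms

--- 192.168.10.20 hping statistic ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 3.5/3.7/3.9 ms'

# Constructed: port allowed by the firewall, but no daemon behind it.
PROBE_CLOSED='HPING 192.168.10.30 (daaslab 192.168.10.30): S set, 40 headers + 0 data bytes
len=40 ip=192.168.10.30 ttl=64 DF id=0 sport=465 flags=RA seq=0 win=0 rtt=2.1 ms

--- 192.168.10.30 hping statistic ---
5 packets transmitted, 5 packets received, 0% packet loss'

PROBE_EGRESS='HPING 192.168.10.220 (daaslab 192.168.10.220): S set, 40 headers + 0 data bytes
[send_ip] sendto: Operation not permitted'

if [ "${1:-}" = demo ]; then
    for p in "$PROBE_DROPPED" "$PROBE_OPEN" "$PROBE_CLOSED" "$PROBE_EGRESS"; do
        classify_probe "$p"
    done
fi
```

To use it on the lab machines, capture a run with `sudo /usr/local/sbin/traffic_test -t 192.168.10.20 -s http 2>&1 | tee run.txt` and pass `"$(cat run.txt)"` to classify_probe. The distinction between allowed-open and allowed-closed is the one the lab's pass/fail reading hides: a rule can be correct while the test still shows no SYN/ACK because the emulated service is not up.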
Let us add an incoming traffic rule to the firewall to allow http traffic to 192.168.10.20.

Adding inbound rules to the daaslab zone (firewall rules are always added on the Enterprise machine):

    (on Enterprise)
    $ sudo firewall-cmd --zone=daaslab --add-rich-rule='rule family="ipv4" destination address="192.168.10.20/32" port protocol="tcp" port="80" accept'
    [sudo] password for StudentFirst:
    success

The whole rich rule is a single single-quoted shell argument; if you paste it from a document, make sure both quotes are plain ASCII apostrophes, or firewall-cmd will reject the rule. The rule is scoped to destination 192.168.10.20 and TCP port 80 only, and it goes into the runtime configuration: it is active immediately but is lost if firewalld is reloaded.

You can verify whether a rule was added as follows:

    $ sudo firewall-cmd --zone=daaslab --list-rich-rules
    rule family="ipv4" destination address="192.168.10.20/32" port port="80" protocol="tcp" accept
    $

Test the effect of the new rule:

EXAMPLE: Incoming traffic to Enterprise on http port is now allowed

    (on External)
    $ sudo /usr/local/sbin/traffic_test -t 192.168.10.20 -s http
    [sudo] password for StudentFirst:
    HPING 192.168.10.20 (daaslab 192.168.10.20): S set, 40 headers + 0 data bytes
    len=44 ip=192.168.10.20 ttl=64 DF id=0 sport=80 flags=SA seq=0 win=29200 rtt=3.9 ms
    len=44 ip=192.168.10.20 ttl=64 DF id=0 sport=80 flags=SA seq=1 win=29200 rtt=3.8 ms
    len=44 ip=192.168.10.20 ttl=64 DF id=0 sport=80 flags=SA seq=2 win=29200 rtt=3.7 ms
    len=44 ip=192.168.10.20 ttl=64 DF id=0 sport=80 flags=SA seq=3 win=29200 rtt=3.6 ms
    len=44 ip=192.168.10.20 ttl=64 DF id=0 sport=80 flags=SA seq=4 win=29200 rtt=3.5 ms

    --- 192.168.10.20 hping statistic ---
    5 packets transmitted, 5 packets received, 0% packet loss
    round-trip min/avg/max = 3.5/3.7/3.9 ms
    $

As you can see, inbound http traffic to 192.168.10.20 has been enabled. flags=SA is a SYN/ACK: the probe passed the firewall and a service answered on port 80.

On your own now, configure rules to allow the following nine services (45 Points):

    https to 192.168.10.20
    domain and telnet to 192.168.10.10
    ftp, imap2, imaps, pop3, pop3s and urd to 192.168.10.30

Domain is better known as DNS (Domain Name System). You can find the port number for each service in /etc/services on either machine (for example grep -w imap2 /etc/services) or by searching the web. Before you configure, first make sure, using the test script, that these traffic types are not allowed to the respective hosts. After configuring them, make sure they are allowed to the respective hosts. Also verify that the rules were added using sudo firewall-cmd --zone=daaslab --list-rich-rules. There should be one rule for each port added; note that the expected listing below contains both ftp-data (20) and ftp (21) for the ftp service, so with http there are eleven rules in total. If you have done this correctly, this is what will be listed:

    rule family="ipv4" destination address="192.168.10.20/32" port port="80" protocol="tcp" accept
    rule family="ipv4" destination address="192.168.10.20/32" port port="443" protocol="tcp" accept
    rule family="ipv4" destination address="192.168.10.10/32" port port="23" protocol="tcp" accept
    rule family="ipv4" destination address="192.168.10.10/32" port port="53" protocol="tcp" accept
    rule family="ipv4" destination address="192.168.10.30/32" port port="20" protocol="tcp" accept
    rule family="ipv4" destination address="192.168.10.30/32" port port="21" protocol="tcp" accept
    rule family="ipv4" destination address="192.168.10.30/32" port port="143" protocol="tcp" accept
    rule family="ipv4" destination address="192.168.10.30/32" port port="993" protocol="tcp" accept
    rule family="ipv4" destination address="192.168.10.30/32" port port="110" protocol="tcp" accept
    rule family="ipv4" destination address="192.168.10.30/32" port port="995" protocol="tcp" accept
    rule family="ipv4" destination address="192.168.10.30/32" port port="465" protocol="tcp" accept

Outgoing Traffic

Initial State Test: outgoing traffic to External on http port not allowed (you are generating traffic from Enterprise to reach External)

    (on Enterprise)
    $ sudo /usr/local/sbin/traffic_test -t 192.168.10.220 -s http
    [sudo] password for StudentFirst:
    HPING 192.168.10.220 (daaslab 192.168.10.220): S set, 40 headers + 0 data bytes
    [send_ip] sendto: Operation not permitted
    $

The failure looks different from the inbound case because the packet never leaves the host: the OUTPUT chain rejects it, so the sendto() system call itself fails with "Operation not permitted" instead of the probe timing out.

Adding outgoing traffic rules to the firewall

Adding outbound rules via the terminal:

    (on Enterprise)
    $ sudo firewall-cmd --direct --add-rule ipv4 filter OUTPUT 1 -p tcp -m tcp --dport 80 -j ACCEPT
    success
    $

This is a firewalld direct rule: everything after the priority (1) is handed to iptables unchanged and lands in the OUTPUT_direct chain, ahead of the lab's final REJECT. Unlike the inbound rich rule, it matches destination port 80 towards any address. If you want it scoped to 192.168.10.220 the way the inbound rules are scoped to their hosts, add -d 192.168.10.220/32 before -p tcp.
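The nine remaining services on each side are a mechanical repetition of the two commands shown so far, which is where typos creep in. The shell snippet below is an added example, not from the lab handout: it generates the firewall-cmd commands for both directions from the two service tables and checks a --list-rich-rules listing for host/port pairs that are still missing. The port table and the sample listing are constructed so it runs offline; on the lab machines, /etc/services (getent services NAME) is the authoritative source. The outbound generator adds -d host/32, which the lab's own direct rule does not, so its output is tighter than the rule shown above; remove the -d if you want exactly the lab's form.

```shell
#!/bin/sh
# Added example: generate the lab's firewall-cmd commands and check a rich-rule
# listing for gaps. Nothing here touches the firewall; it prints commands for
# review (pipe through `sudo sh` on the Enterprise machine to apply them).

# Constructed port table for offline use; the real source is /etc/services.
SERVICES='domain 53
telnet 23
http 80
https 443
ftp-data 20
ftp 21
imap2 143
imap 143
imaps 993
pop3 110
pop3s 995
urd 465'

# Host -> services, from the Enterprise and External tables. ftp-data is listed
# explicitly because the expected listing in the handout contains port 20.
INBOUND='192.168.10.10 domain,telnet
192.168.10.20 http,https
192.168.10.30 ftp-data,ftp,imap2,imaps,pop3,pop3s,urd'
OUTBOUND='192.168.10.210 domain,telnet
192.168.10.220 http,https
192.168.10.230 ftp-data,ftp,imap,imaps,pop3,pop3s,urd'
Q="'"

svc_port() {       # service name -> TCP port; non-zero status if unknown
    p=$(printf '%s\n' "$SERVICES" | awk -v n="$1" '$1 == n { print $2; exit }')
    [ -n "$p" ] && printf '%s\n' "$p"
}

inbound_rule() {   # host port -> rich rule in the daaslab zone (runtime only, as in the lab)
    printf 'firewall-cmd --zone=daaslab --add-rich-rule=%srule family="ipv4" destination address="%s/32" port protocol="tcp" port="%s" accept%s\n' "$Q" "$1" "$2" "$Q"
}

outbound_rule() {  # host port -> direct OUTPUT rule, scoped to the host with -d
    # The handout's rule omits -d and so allows the port towards any address.
    printf 'firewall-cmd --direct --add-rule ipv4 filter OUTPUT 1 -d %s/32 -p tcp -m tcp --dport %s -j ACCEPT\n' "$1" "$2"
}

gen_rules() {      # in|out -> one firewall-cmd line per host/port pair
    [ "$1" = in ] && matrix=$INBOUND || matrix=$OUTBOUND
    while read -r host svcs; do
        for s in $(printf '%s\n' "$svcs" | tr ',' ' '); do
            port=$(svc_port "$s") || { echo "unknown service: $s" >&2; return 1; }
            if [ "$1" = in ]; then inbound_rule "$host" "$port"; else outbound_rule "$host" "$port"; fi
        done
    done <<EOF
$matrix
EOF
}

missing_rich_rules() {  # text of `firewall-cmd --zone=daaslab --list-rich-rules` -> "host port" not yet allowed
    listing=$1
    while read -r host svcs; do
        for s in $(printf '%s\n' "$svcs" | tr ',' ' '); do
            port=$(svc_port "$s") || return 1
            printf '%s\n' "$listing" | grep -qF "address=\"$host/32\" port port=\"$port\" protocol=\"tcp\" accept" \
                || printf '%s %s\n' "$host" "$port"
        done
    done <<EOF
$INBOUND
EOF
}

# Constructed listing in which only the http and telnet rules are in place.
SAMPLE_LISTING='rule family="ipv4" destination address="192.168.10.20/32" port port="80" protocol="tcp" accept
rule family="ipv4" destination address="192.168.10.10/32" port port="23" protocol="tcp" accept'

if [ "${1:-}" = demo ]; then
    gen_rules in; gen_rules out
    echo "still missing:"; missing_rich_rules "$SAMPLE_LISTING"
fi
```

On the Enterprise machine, `missing_rich_rules "$(sudo firewall-cmd --zone=daaslab --list-rich-rules)"` should print nothing once the inbound task is complete; any line it prints is a host/port pair to go back and add.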
Outbound Rules Test: outgoing traffic to External on http port allowed

    (on Enterprise)
    $ sudo /usr/local/sbin/traffic_test -t 192.168.10.220 -s http
    [sudo] password for StudentFirst:
    HPING 192.168.10.220 (daaslab 192.168.10.220): S set, 40 headers + 0 data bytes
    len=44 ip=192.168.10.220 ttl=64 DF id=0 sport=80 flags=SA seq=0 win=29200 rtt=1.9 ms
    len=44 ip=192.168.10.220 ttl=64 DF id=0 sport=80 flags=SA seq=1 win=29200 rtt=2.0 ms
    len=44 ip=192.168.10.220 ttl=64 DF id=0 sport=80 flags=SA seq=2 win=29200 rtt=3.8 ms
    len=44 ip=192.168.10.220 ttl=64 DF id=0 sport=80 flags=SA seq=3 win=29200 rtt=2.0 ms
    len=44 ip=192.168.10.220 ttl=64 DF id=0 sport=80 flags=SA seq=4 win=29200 rtt=2.0 ms

    --- 192.168.10.220 hping statistic ---
    5 packets transmitted, 5 packets received, 0% packet loss
    round-trip min/avg/max = 1.9/2.3/3.8 ms
    $

On your own now, configure rules to allow the following nine services (45 Points):

    https to 192.168.10.220
    domain and telnet to 192.168.10.210
    ftp, imap2, imaps, pop3, pop3s and urd to 192.168.10.230

(imap2 here and imap in the External table both name TCP port 143; the rule is by port number.) Before you configure, first make sure, using the test script, that these traffic types are not allowed to the respective hosts. After configuring them, make sure they are allowed to the respective hosts. You can list the direct rules you have added with sudo firewall-cmd --direct --get-all-rules.

Miscellaneous Tasks
Making Rules Persistent (not needed for this lab exercise)

The rules added above live only in the runtime configuration. To copy the runtime configuration into the permanent one, so that it survives a firewalld reload or a reboot:

    (on Enterprise)
    $ sudo firewall-cmd --runtime-to-permanent
    success
    $

Viewing the iptables Rules

You can view the iptables chains to see what rules you have added. The listing below is an example, produced with sudo iptables -L (without -n, so ports and hosts are shown by name). The entries this lab added are the ones in the chains IN_daaslab_allow (the inbound rich rules, one per destination host and port, matching ctstate NEW) and OUTPUT_direct (the outbound direct rules, which match the port towards any destination). The listing also shows why the default was "deny": the IN_daaslab chain ends in DROP and OUTPUT_direct ends in REJECT with icmp-host-prohibited, which is what produced "Operation not permitted" before the outbound rules were added. Rules that show no match at all, such as the third ACCEPT in INPUT, are firewalld's loopback-interface rules; iptables -L -v adds the interface columns.

    Chain INPUT (policy ACCEPT)
    target                    prot opt source      destination
    ACCEPT                    udp  --  anywhere    anywhere     multiport dports rfe
    ACCEPT                    all  --  anywhere    anywhere     ctstate RELATED,ESTABLISHED
    ACCEPT                    all  --  anywhere    anywhere
    INPUT_direct              all  --  anywhere    anywhere
    INPUT_ZONES_SOURCE        all  --  anywhere    anywhere
    INPUT_ZONES               all  --  anywhere    anywhere
    DROP                      all  --  anywhere    anywhere     ctstate INVALID
    REJECT                    all  --  anywhere    anywhere     reject-with icmp-host-prohibited

    Chain FORWARD (policy ACCEPT)
    target                    prot opt source      destination
    ACCEPT                    all  --  anywhere    anywhere     ctstate RELATED,ESTABLISHED
    ACCEPT                    all  --  anywhere    anywhere
    FORWARD_direct            all  --  anywhere    anywhere
    FORWARD_IN_ZONES_SOURCE   all  --  anywhere    anywhere
    FORWARD_IN_ZONES          all  --  anywhere    anywhere
    FORWARD_OUT_ZONES_SOURCE  all  --  anywhere    anywhere
    FORWARD_OUT_ZONES         all  --  anywhere    anywhere
    DROP                      all  --  anywhere    anywhere     ctstate INVALID
    REJECT                    all  --  anywhere    anywhere     reject-with icmp-host-prohibited

    Chain OUTPUT (policy ACCEPT)
    target                    prot opt source      destination
    OUTPUT_direct             all  --  anywhere    anywhere

    Chain FORWARD_IN_ZONES (1 references)
    target                    prot opt source      destination
    FWDI_daaslab              all  --  anywhere    anywhere
    FWDI_trusted              all  --  anywhere    anywhere
    FWDI_trusted              all  --  anywhere    anywhere

    Chain FORWARD_IN_ZONES_SOURCE (1 references)
    target                    prot opt source      destination

    Chain FORWARD_OUT_ZONES (1 references)
    target                    prot opt source      destination
    FWDO_daaslab              all  --  anywhere    anywhere
    FWDO_trusted              all  --  anywhere    anywhere
    FWDO_trusted              all  --  anywhere    anywhere

    Chain FORWARD_OUT_ZONES_SOURCE (1 references)
    target                    prot opt source      destination

    Chain FORWARD_direct (1 references)
    target                    prot opt source      destination

    Chain FWDI_daaslab (1 references)
    target                    prot opt source      destination
    FWDI_daaslab_log          all  --  anywhere    anywhere
    FWDI_daaslab_deny         all  --  anywhere    anywhere
    FWDI_daaslab_allow        all  --  anywhere    anywhere
    DROP                      all  --  anywhere    anywhere

    Chain FWDI_daaslab_allow (1 references)
    target                    prot opt source      destination

    Chain FWDI_daaslab_deny (1 references)
    target                    prot opt source      destination

    Chain FWDI_daaslab_log (1 references)
    target                    prot opt source      destination

    Chain FWDI_trusted (2 references)
    target                    prot opt source      destination
    FWDI_trusted_log          all  --  anywhere    anywhere
    FWDI_trusted_deny         all  --  anywhere    anywhere
    FWDI_trusted_allow        all  --  anywhere    anywhere
    ACCEPT                    all  --  anywhere    anywhere

    Chain FWDI_trusted_allow (1 references)
    target                    prot opt source      destination

    Chain FWDI_trusted_deny (1 references)
    target                    prot opt source      destination

    Chain FWDI_trusted_log (1 references)
    target                    prot opt source      destination

    Chain FWDO_daaslab (1 references)
    target                    prot opt source      destination
    FWDO_daaslab_log          all  --  anywhere    anywhere
    FWDO_daaslab_deny         all  --  anywhere    anywhere
    FWDO_daaslab_allow        all  --  anywhere    anywhere
    DROP                      all  --  anywhere    anywhere

    Chain FWDO_daaslab_allow (1 references)
    target                    prot opt source      destination

    Chain FWDO_daaslab_deny (1 references)
    target                    prot opt source      destination

    Chain FWDO_daaslab_log (1 references)
    target                    prot opt source      destination

    Chain FWDO_trusted (2 references)
    target                    prot opt source      destination
    FWDO_trusted_log          all  --  anywhere    anywhere
    FWDO_trusted_deny         all  --  anywhere    anywhere
    FWDO_trusted_allow        all  --  anywhere    anywhere
    ACCEPT                    all  --  anywhere    anywhere

    Chain FWDO_trusted_allow (1 references)
    target                    prot opt source      destination

    Chain FWDO_trusted_deny (1 references)
    target                    prot opt source      destination

    Chain FWDO_trusted_log (1 references)
    target                    prot opt source      destination

    Chain INPUT_ZONES (1 references)
    target                    prot opt source      destination
    IN_daaslab                all  --  anywhere    anywhere
    IN_trusted                all  --  anywhere    anywhere
    IN_trusted                all  --  anywhere    anywhere

    Chain INPUT_ZONES_SOURCE (1 references)
    target                    prot opt source      destination

    Chain INPUT_direct (1 references)
    target                    prot opt source      destination

    Chain IN_daaslab (1 references)
    target                    prot opt source      destination
    IN_daaslab_log            all  --  anywhere    anywhere
    IN_daaslab_deny           all  --  anywhere    anywhere
    IN_daaslab_allow          all  --  anywhere    anywhere
    DROP                      all  --  anywhere    anywhere

    Chain IN_daaslab_allow (1 references)
    target  prot opt source    destination                    
    ACCEPT  tcp  --  anywhere  ip-192-168-10-20.ec2.internal  tcp dpt:http      ctstate NEW
    ACCEPT  tcp  --  anywhere  ip-192-168-10-20.ec2.internal  tcp dpt:https     ctstate NEW
    ACCEPT  tcp  --  anywhere  ip-192-168-10-10.ec2.internal  tcp dpt:telnet    ctstate NEW
    ACCEPT  tcp  --  anywhere  ip-192-168-10-10.ec2.internal  tcp dpt:domain    ctstate NEW
    ACCEPT  tcp  --  anywhere  ip-192-168-10-30.ec2.internal  tcp dpt:ftp-data  ctstate NEW
    ACCEPT  tcp  --  anywhere  ip-192-168-10-30.ec2.internal  tcp dpt:ftp       ctstate NEW
    ACCEPT  tcp  --  anywhere  ip-192-168-10-30.ec2.internal  tcp dpt:imap      ctstate NEW
    ACCEPT  tcp  --  anywhere  ip-192-168-10-30.ec2.internal  tcp dpt:imaps     ctstate NEW
    ACCEPT  tcp  --  anywhere  ip-192-168-10-30.ec2.internal  tcp dpt:pop3      ctstate NEW
    ACCEPT  tcp  --  anywhere  ip-192-168-10-30.ec2.internal  tcp dpt:pop3s     ctstate NEW
    ACCEPT  tcp  --  anywhere  ip-192-168-10-30.ec2.internal  tcp dpt:urd       ctstate NEW

    Chain IN_daaslab_deny (1 references)
    target                    prot opt source      destination

    Chain IN_daaslab_log (1 references)
    target                    prot opt source      destination

    Chain IN_trusted (2 references)
    target                    prot opt source      destination
    IN_trusted_log            all  --  anywhere    anywhere
    IN_trusted_deny           all  --  anywhere    anywhere
    IN_trusted_allow          all  --  anywhere    anywhere
    ACCEPT                    all  --  anywhere    anywhere

    Chain IN_trusted_allow (1 references)
    target                    prot opt source      destination

    Chain IN_trusted_deny (1 references)
    target                    prot opt source      destination

    Chain IN_trusted_log (1 references)
    target                    prot opt source      destination

    Chain OUTPUT_direct (1 references)
    target                    prot opt source      destination
    ACCEPT                    all  --  anywhere    anywhere     ctstate RELATED,ESTABLISHED
    ACCEPT                    tcp  --  anywhere    anywhere     tcp dpt:http
    ACCEPT                    tcp  --  anywhere    anywhere     tcp dpt:https
    ACCEPT                    tcp  --  anywhere    anywhere     tcp dpt:telnet
    ACCEPT                    tcp  --  anywhere    anywhere     tcp dpt:domain
    ACCEPT                    tcp  --  anywhere    anywhere     tcp dpt:ftp-data
    ACCEPT                    tcp  --  anywhere    anywhere     tcp dpt:imap
    ACCEPT                    tcp  --  anywhere    anywhere     tcp dpt:pop3
    ACCEPT                    tcp  --  anywhere    anywhere     tcp dpt:pop3s
    ACCEPT                    tcp  --  anywhere    anywhere     tcp dpt:urd
    ACCEPT                    tcp  --  anywhere    anywhere     tcp dpt:ftp
    ACCEPT                    tcp  --  anywhere    anywhere     tcp dpt:imaps
    REJECT                    all  --  anywhere    anywhere     reject-with icmp-host-prohibited
    $

Export the iptables rules, as illustrated below (for submission):

Exporting iptables rules

    (on Enterprise)
    $ sudo iptables-save > ~/Desktop/iptables_rules-May17-17.txt
    [sudo] password for StudentFirst:
    $

(The redirection is performed by your own shell, not by sudo, which is fine here because the target file is in your home directory; it would fail for a root-only directory.)

Transfer this file, iptables_rules-May17-17.txt, first to the workspace Desktop. From there, you can email the file to yourself using the Chrome browser and then submit it to the Lab 4 folder in the classroom. (10 Points)

Also, provide a short summary of your experience of using DaaS for this lab (difficulties you encountered, what worked, what did not work, etc.).
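Before submitting the export, it is worth checking what is actually in it rather than only that the file exists. This shell snippet is an added example, not part of the lab handout: it parses iptables-save output for the two chains this lab writes to, lists the accepted ports per chain, and flags ACCEPT rules that match no destination port or that allow an outbound port towards any destination, which is how an over-broad rule slips into a "deny by default" firewall. The iptables-save excerpt embedded in it is constructed and contains one deliberately over-broad rule; point the functions at your own iptables_rules-*.txt to audit the real export.

```shell
#!/bin/sh
# Added example: audit an iptables-save export for the rules this lab adds.
# Chains of interest: IN_daaslab_allow (inbound rich rules) and OUTPUT_direct
# (outbound direct rules). The real export is several hundred lines long.

lab_rules() {       # file -> the rules in the two chains this lab writes to
    awk '/^-A (IN_daaslab_allow|OUTPUT_direct) /' "$1"
}

accepted_ports() {  # file chain -> sorted unique --dport values accepted in that chain
    awk -v c="$2" '$1 == "-A" && $2 == c && /-j ACCEPT/ {
        for (i = 1; i <= NF; i++) if ($i == "--dport") print $(i + 1)
    }' "$1" | sort -n | uniq
}

broad_accepts() {   # file -> ACCEPT rules in the lab chains that match no port
    # The conntrack RELATED,ESTABLISHED accept is expected (return traffic);
    # any other ACCEPT without --dport deserves a second look.
    lab_rules "$1" | awk '/-j ACCEPT/ && !/--dport/ && !/RELATED,ESTABLISHED/'
}

unscoped_egress() { # file -> OUTPUT_direct port accepts with no -d (any destination)
    awk '$1 == "-A" && $2 == "OUTPUT_direct" && /--dport/ && /-j ACCEPT/ && !/ -d /' "$1"
}

# Constructed excerpt in iptables-save format. The line
# "-A OUTPUT_direct -p tcp -j ACCEPT" is the deliberately over-broad rule.
SAMPLE_SAVE='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:IN_daaslab_allow - [0:0]
:OUTPUT_direct - [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -j OUTPUT_direct
-A IN_daaslab_allow -d 192.168.10.20/32 -p tcp -m tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
-A IN_daaslab_allow -d 192.168.10.20/32 -p tcp -m tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT_direct -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT_direct -p tcp -m tcp --dport 80 -j ACCEPT
-A OUTPUT_direct -d 192.168.10.220/32 -p tcp -m tcp --dport 443 -j ACCEPT
-A OUTPUT_direct -p tcp -j ACCEPT
-A OUTPUT_direct -j REJECT --reject-with icmp-host-prohibited
COMMIT'

sample_file() {     # write the constructed excerpt to a temp file and print its path
    f=$(mktemp 2>/dev/null || echo "./iptables_sample.$$")
    printf '%s\n' "$SAMPLE_SAVE" > "$f"
    printf '%s\n' "$f"
}

audit() {           # file -> report on stdout; non-zero status if a broad ACCEPT was found
    echo "inbound ports accepted (IN_daaslab_allow): $(accepted_ports "$1" IN_daaslab_allow | tr '\n' ' ')"
    echo "outbound ports accepted (OUTPUT_direct):   $(accepted_ports "$1" OUTPUT_direct | tr '\n' ' ')"
    b=$(broad_accepts "$1"); u=$(unscoped_egress "$1")
    [ -n "$b" ] && printf 'ACCEPT without a port match:\n%s\n' "$b"
    [ -n "$u" ] && printf 'egress rules not scoped to a destination:\n%s\n' "$u"
    [ -z "$b" ]
}

if [ "${1:-}" = demo ]; then
    f=$(sample_file); audit "$f"; rm -f "$f"
fi
```

Run `audit ~/Desktop/iptables_rules-May17-17.txt` on the Enterprise machine: the two port lists should each contain exactly the eleven ports from the tables, and nothing should be reported under "ACCEPT without a port match". Rules under "egress rules not scoped to a destination" are expected if you followed the lab's direct-rule form, since that form has no -d.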