Discuss how you can define matching rules for iptables.

What will be an ideal response?


Define matching rules:
Matches can be based, for instance, on interfaces, ports, or IP addresses.
Not every possible option has to be specified. If an option (the destination port, for example) is not specified, it is not taken into consideration.
Specify the interface: -i for input, -o for output: -i eth0
-o cannot be used in the INPUT chain; -i is not possible in the OUTPUT chain.
Specify the protocol: -p TCP, -p UDP
The protocol can be specified with its abbreviation or the number of the protocol from /etc/protocols. Both lower and upper case are acceptable.
Specify source and/or destination IP: -s 1.2.3.4, -d 192.168.0.0/24
Specify source and/or destination port: --sport 1024:65535, --dport 80
You can specify a single port or port ranges (start:end). The port you put in the rules depends on the service you want to access. /etc/services lists the ports and the service that can usually be found on that port. While UDP and TCP usually have the same service on the same port, this is not necessarily so. See Ports and Port Numbers for frequently used ports and the services associated with them.
Additional matches can be used with the option -m.
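
The match options above combined into complete rules, as an added example that is not part of the original answer. The function names add_rule and web_rules, the ACCEPT targets and the conntrack match are assumptions chosen for illustration; the interface and addresses reuse the sample values from the text.

```shell
#!/bin/sh
# Dry run by default: rules are printed, not loaded.
# Set IPT=iptables and run as root to apply them.
IPT="${IPT:-echo iptables}"

# add_rule CHAIN ARGS...
# Hypothetical helper: refuses the interface option a chain cannot use
# (-o in INPUT, -i in OUTPUT) before handing the rule to iptables.
add_rule() {
    chain=$1; shift
    for arg in "$@"; do
        case "$chain:$arg" in
            INPUT:-o|INPUT:--out-interface|OUTPUT:-i|OUTPUT:--in-interface)
                echo "rejected: $arg is not valid in chain $chain" >&2
                return 1 ;;
        esac
    done
    $IPT -A "$chain" "$@"
}

web_rules() {
    # Interface, protocol, source network, source port range, destination port.
    add_rule INPUT -i eth0 -p tcp -s 192.168.0.0/24 \
        --sport 1024:65535 --dport 80 -j ACCEPT
    # No -s given: the source address is not taken into consideration.
    add_rule INPUT -i eth0 -p TCP --dport 443 -j ACCEPT
    # Protocol by number from /etc/protocols (1 = icmp).
    add_rule INPUT -i eth0 -p 1 -s 192.168.0.0/24 -j ACCEPT
    # Outbound rule: -o instead of -i, destination address with -d.
    add_rule OUTPUT -o eth0 -p udp -d 1.2.3.4 --dport 53 -j ACCEPT
    # Additional match loaded with -m (connection tracking state).
    add_rule INPUT -i eth0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

web_rules
```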

Computer Science & Information Technology
