Question
I just want to know if this is correct for a. This is in my example, but I'm a little confused on it, such as the times and how I can do that in one rule:

# iptables -t filter -I OUTPUT -p utc --dport 80 -m time -- weekdays 6,7 -j REJECT

I think I know how to do b:

# iptables -I INPUT -s 192.168.10.2 (VM2 ip address) -j DROP

And on c I think it would be:

# iptables -t filter -A INPUT -p icmp -j REJECT
# iptables -t filter -A INPUT -p ping -j REJECT

And for this last one I have an example of this:

# iptables -I INPUT -p tcp --dport 22 -m connlimit --connlimitabove 2 -j REJECT

So would I change it to be this?

# iptables -I INPUT -p tcp --dport 22 -m 0 --2 -j REJECT

I'd really appreciate the confirmation if I have these right, with some explanation to make sure I can fully understand these commands.

4. [Screenshots] Make network filtering rules on VM1 for the tasks below. Please take one screenshot for the rule (could be rules) and another screenshot for proving that the rule works.

a. In terms of a company's working hours (7:30 am - 4:30 pm), please add iptables rule(s) on VM1, by which VM2 can't access the Internet during the working hours from Monday to Friday. Before testing the rule, you should note that the time you use in the rules is meant to be in UTC. If you want the rule to work for your local time zone, you'd better convert the working hours to UTC when you make the rule. For example, if you want to restrict packets at 7:00 am in ETC, you'd use the converted UTC time in your firewall rule(s).

b. As we want VM2 to be an observer for VM1 (so that VM2 can check if VM1 is still running correctly), as an administrator, please add firewall rule/rules on VM1, by which VM1 is not able to ping VM2 but VM2 can ping VM1.

c. If VM1 is also used as an HTTP (web) server and the company doesn't want their server being bothered by other types of network packets, please add firewall rule/rules on VM1, by which VM1 only accepts HTTP packets (received on port 80). Before making the rule(s), you need to 1) install Apache's http server with the command # yum install httpd, 2) launch the http server (# systemctl start httpd) on VM1 and 3) then test if the http server is running properly. The test could be done by accessing Apache's test page from a web browser (where you just enter http://[VM1's IP address] in the URL bar). If your http server works properly you should be able to see the test page in Fig. 4. For testing the rule(s) you could simply try to send HTTP packets (through a web browser) and non-HTTP packets (e.g., ICMP/ping) to VM1 and observe if they are blocked or passed through. Note that the test could end up with a false positive. Please understand why the test could be done this way first before doing it.

d. The last task for this semester is about making a rule for preventing a DDoS attack made of a large volume of TCP connections. Please add a rule on VM1 to restrict the TCP connections within a reasonable number that your server can handle. For testing the rule (as you are not expected to generate a DDoS attack), first you can make the rule to only allow a very small number (e.g., 2) of TCP connections on VM1. Then you can make TCP connections exceeding that small number and test if the exceeding connection(s) were blocked by the firewall. In order to make TCP connections manually you can use any protocol based on TCP (e.g., http, ssh, telnet, etc.). However, if you want to create TCP connections with Google Chrome, please note that multiple tabs in Google Chrome won't generate the same number of TCP connections but will share 2 TCP connections only. A better way for generating more TCP connections with a web browser is to use more than one web browser. Precisely, if you want to check how many TCP connections have been built in the system, "ss" is a command requiring your self-learning.
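
One way to write rules for tasks a to d, as an added example that is not part of the original question or assignment. It prints the commands for review instead of applying them, and it goes beyond the 7:30-4:30 case by shifting the weekday list and adding --contiguous when the converted UTC window crosses midnight. Assumptions: VM1 forwards VM2's Internet traffic (hence the FORWARD chain), VM2 is 192.168.10.2 as in the question, the local zone is UTC-5, and the function names are made up for this example.

```shell
#!/bin/sh
# Added example: prints the rules for review, applies nothing.
# Assumptions: VM2 = 192.168.10.2, VM1 forwards VM2's Internet traffic,
# local zone is UTC-5 (offset -300 minutes). Times are two-digit HH:MM.

# to_utc HH:MM OFFSET_MIN -> "HH:MM DAYSHIFT MINUTES" in UTC
to_utc() {
    h=${1%:*}; m=${1#*:}
    raw=$(( ${h#0} * 60 + ${m#0} - $2 )); day=0
    if [ "$raw" -lt 0 ]; then raw=$((raw + 1440)); day=-1; fi
    if [ "$raw" -ge 1440 ]; then raw=$((raw - 1440)); day=1; fi
    printf '%02d:%02d %d %d\n' $((raw / 60)) $((raw % 60)) "$day" "$raw"
}

# Task a: work_hours_rule VM2_IP START STOP OFFSET_MIN (Mon-Fri, local time)
work_hours_rule() {
    set -- "$1" $(to_utc "$2" "$4") $(to_utc "$3" "$4")
    # now $2=start, $3=day shift of start, $4=start minutes, $5=stop, $7=stop minutes
    days=""; extra=""
    for d in 1 2 3 4 5; do   # xt_time weekdays: 1=Mon ... 7=Sun
        days="$days,$(( (d - 1 + $3 + 7) % 7 + 1 ))"
    done
    # A window that crosses UTC midnight must match as one period.
    if [ "$7" -lt "$4" ]; then extra=" --contiguous"; fi
    echo "iptables -I FORWARD -s $1 -m time --timestart $2 --timestop $5 --weekdays ${days#,}$extra -j REJECT"
}

# Tasks b, d, c: other_rules VM2_IP CONNECTION_LIMIT
other_rules() {
    # b: VM1's echo-requests to VM2 are dropped; its echo-replies still leave.
    echo "iptables -A OUTPUT -d $1 -p icmp --icmp-type echo-request -j DROP"
    # d: refuse new TCP connections above the limit; mask 0 counts all
    #    sources together instead of per source address.
    echo "iptables -I INPUT -p tcp --syn -m connlimit --connlimit-above $2 --connlimit-mask 0 -j REJECT --reject-with tcp-reset"
    # c: only TCP/80 is accepted; every other inbound packet, VM2's pings
    #    from task b included, is dropped, so test c separately.
    echo "iptables -A INPUT -p tcp --dport 80 -j ACCEPT"
    echo "iptables -A INPUT -j DROP"
}

work_hours_rule 192.168.10.2 07:30 16:30 -300
other_rules 192.168.10.2 2
```

Run the printed commands as root on VM1 once they look right; `iptables -L -n -v` shows the per-rule packet counters for the screenshot that proves a rule matched.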