Question
I need help with a Linux script; it will be a firewall script for a VM. Please see below for what to do. It is between 2 VMs (Server SRV IP - 172.16.30.10) (Client CLT IP - 172.16.31.10).
Creating a firewall script (better!)
When using the iptables utilities (iptables-save and iptables-restore) the rules are saved in a NON-editable format. If you want to modify/update your rules the best approach is to store your rules in a shell script. To create a script for your rules, follow the following steps:
o Step #1: Setup the script file & header information.
o Step #2: Setup variables (optional but useful).
o Step #3: Flush your firewall table.
o Step #4: Record all the rules that you used successfully in the lab (scenario #4).
o Step #5: Test your script.
Scenario #4: Accept all incoming traffic for a given service for all hosts on a subset. In this scenario we will selectively allow/block hosts on a subnet: all hosts, except for your client host, may access the service on port 49999.
Server setup: Setup the server to listen on port 49999 on all interfaces.
Verify that the server is listening on the selected port.
Iptables setup:
List your current rules: there should be three rules (2 ACCEPT & 1 REJECT).
Insert the following two rules:
o Insert the rule to block all incoming traffic from your client on port 49999: insert it as the third rule: -I INPUT 3.
o Insert the rule to allow all incoming traffic of the subnet 172.16.31.0 on port 49999: insert it as the fourth rule.
Brain teaser: What would happen if the rule was added rather than inserted?
List the rules: you should see 5 rules.
Setup rules summary
You should have the following rules (in that order):
Traffic originating from
o your server is allowed (2 rules)
o your own client is blocked (1 rule)
o all other hosts on the client subnet are allowed (1 rule)
o all other hosts are blocked (1 rule)
Iptables listing
ACCEPT all anywhere anywhere
ACCEPT all server_host anywhere
REJECT tcp client_host anywhere tcp dpt:49999
ACCEPT tcp 172.16.31.0/24 anywhere tcp dpt:49999
REJECT tcp anywhere anywhere tcp dpt:49999
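A script following steps #1 to #4 above for the scenario #4 rule set, added here as an example and not part of the original question. The loopback match for the first ACCEPT rule, the APPLY dry-run switch and the function names are assumptions; the addresses and port are the ones given in the question.

```shell
#!/bin/sh
# Added example (not from the original page): firewall script for scenario #4.
# Dry-run by default: prints the iptables commands it would run.
# Run as root with APPLY=1 to actually load the rules.

# Step #2: variables (values taken from the question)
SRV_IP="172.16.30.10"      # server host
CLT_IP="172.16.31.10"      # own client host
CLT_NET="172.16.31.0/24"   # client subnet
SVC_PORT="49999"           # service port
IPT="${IPT:-iptables}"     # assumption: iptables is on PATH

# Steps #3 and #4: flush, then append the five rules in evaluation order.
# iptables stops at the first matching ACCEPT/REJECT, so the client REJECT
# has to come before the subnet ACCEPT that also covers the client address.
fw_rules() {
    cat <<EOF
-F
-A INPUT -i lo -j ACCEPT
-A INPUT -s $SRV_IP -j ACCEPT
-A INPUT -s $CLT_IP -p tcp --dport $SVC_PORT -j REJECT
-A INPUT -s $CLT_NET -p tcp --dport $SVC_PORT -j ACCEPT
-A INPUT -p tcp --dport $SVC_PORT -j REJECT
EOF
}

# Guard against a later edit reordering the client and subnet rules.
fw_check_order() {
    clt=$(fw_rules | grep -n -F -- "-s $CLT_IP " | cut -d: -f1)
    net=$(fw_rules | grep -n -F -- "-s $CLT_NET " | cut -d: -f1)
    [ -n "$clt" ] && [ -n "$net" ] && [ "$clt" -lt "$net" ]
}

fw_main() {
    fw_check_order || { echo "client rule must precede subnet rule" >&2; return 1; }
    fw_rules | while read -r args; do
        if [ "${APPLY:-0}" = "1" ]; then
            $IPT $args || exit 1     # word splitting of $args is intended
        else
            echo "$IPT $args"        # dry run: show the command only
        fi
    done
}

fw_main
```

For step #5, compare the output of `iptables -L INPUT -n --line-numbers` after an APPLY=1 run against the rule order in the summary above.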