From 382a929890b2566c7b8a9557abd4606a837a0401 Mon Sep 17 00:00:00 2001 From: DeadFire Date: Thu, 4 Jun 2015 15:59:38 +0800 Subject: [PATCH] =?UTF-8?q?20150604-3=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...lobally Recognized Linux Certifications.md | 172 +++++++++++++++ ...Experience on Linux 'iptables' Firewall.md | 207 ++++++++++++++++++ 2 files changed, 379 insertions(+) create mode 100644 sources/share/20150604 12 Globally Recognized Linux Certifications.md create mode 100644 sources/tech/20150604 Nishita Agarwal Shares Her Interview Experience on Linux 'iptables' Firewall.md diff --git a/sources/share/20150604 12 Globally Recognized Linux Certifications.md b/sources/share/20150604 12 Globally Recognized Linux Certifications.md new file mode 100644 index 0000000000..714ff31fea --- /dev/null +++ b/sources/share/20150604 12 Globally Recognized Linux Certifications.md 
@@ -0,0 +1,172 @@ +12 Globally Recognized Linux Certifications +================================================================================ +Hi everyone, today we'll learn about some of the very precious globally recognized Linux Certifications. Linux Certifications are the certification programme hosted by different Linux Professional Institutes across the globe. Linux Certifications allows Linux Professionals to get easily enrolled with the Linux related jobs in servers, companies, etc. Linux Certifications enables how much a person is expertise in that respective field of Linux. There are pretty many Linux Professional Institutes providing different Linux Certifications. But there are some few well recognized Linux Certification Programmes running across the globe which are at high priority while getting a job in companies where we need to manage servers, virtualizations, installations, configurations, application support and other stuffs with Linux Operating System. With the increment of servers running Linux Operating System throughout the globe, the demand of Linux Professional are increasing. For better authenticated and authorized Linux Professional, better and renowned Certifications are always at higher priority by the companies across the globe. + +Here are some globally recognized Linux Certifications that we'll discuss about. + +### 1. CompTIA Linux+ ### + +CompTIA Linux+ is a Linux Certification programme hosted by LPI "Linux Professional Institute" providing knowledge all over the world. It provides knowledge on Linux which enables to produce a bunch of Linux related Professional jobs like Linux Administrators, Junior Network Administrators, Systems Administrators, Linux Database Administrators and Web Administrators. If anyone is aware of installing and maintaining Linux Operating System, this course will help to meet the certification requirements and prepare for the exam by providing with a broad awareness of Linux operating systems. 
The main objective of CompTIA Linux+ Certification by LPI is to provide the certificate holders enough knowledge on a critical knowledge of installation, operation, administration and troubleshooting devices. We can earn three industry-recognized certifications for the cost, time, and effort of one, by completing the CompTIA Linux+ powered by LPI certification, we can automatically receive the **LPI LPIC-1** and the **SUSE Certified Linux Administrator (CLA)** certifications. + +- **Certification Codes** : LX0-103 and LX0-104 (launches March 30, 2015) OR LX0-101 and LX0-102 +- Number of questions: 60 questions per exam +- Type of Questions: Multiple choice +- Length of test period: 90 minutes +- Prerequisites: A+, Network+ and at least 12 months of Linux administration experience +- Passing score: 500 (on a scale of 200-800) +- Languages: English. Coming soon on German, Portuguese (Brazilian), Traditional Chinese, Spanish. +- Validity: Valid till 3 Years after certified. + +**Note**: Exams from different series cannot be combined. If you start with LX0-101, you MUST take LX0-102 to complete your certification. The same applies for the LX0-103 and LX0-104 series. The LX0-103 and LX0-104 series is an update to the LX0-101 and LX0-102 series. + +### 2. LPIC ### + +LPIC stands for Linux Professional Institute Certification which is a Linux certification programme by Linux Professional Institute. It is a multi level certification program which requires passing of a number (usually two) certification exams for each level. There are three levels of certification which includes Junior Level Certification **LPIC-1**, Advanced Level Certification **LPIC-2** and Senior Level Certification **LPIC-3**. The first two certification aims on **Linux System Administration** whereas the final certification aims on several specialties including Virtualization and Security. 
To become **LPIC-3** certified, a candidate with an active **LPIC-1** and **LPIC-2** certification must pass at least one of 300 Mixed Environment, 303 Security and 304 Virtualization and High Availability. LPIC-1 certification is designed in such a way that the certification holder will be able to install, maintain, configure tasks running Linux with command line interface with basic networking where as LPIC-2 certification validates candidate to administer small to medium–sized mixed networks. LPIC-3 certification is designed for enterprise-level Linux professional and represents the highest level of professional, distribution-neutral Linux certification within the industry. + +- **Certification Codes** : LPIC-1 (101 and 102), LPIC-2 (201 and 202) and LPIC-3 (300, 303 or 304) +- Type of Questions: 60 Multiple choice questions +- Length of Test Period: 90 minutes +- Prerequisites: None, Linux Essentials is recommended +- Passing Score: 500 (on a scale of 200-800) +- Languages: LPIC-1: English, German, Italian, Portuguese (Brazilian), Spanish (Modern), Chinese (Simplified), Chinese (Traditional), Japanese +- LPIC-2: English, German, Portuguese (Brazilian), Japanese +- LPIC-3: English, Japanese +- Validity: Valid till 5 years of Retirement. + +### 3. Oracle Linux OCA ### + +Oracle Certified Associate (OCA) is designed for the individuals who are interested for a strong foundation of knowledge to implement and administer the Oracle Linux Operating System. This certification expertise individuals on the Oracle Linux distribution that's fully optimized for Oracle products and for running on Oracle's engineered systems including Oracle Exadata Database Machine, Oracle Exalytics In-Memory Machine, Oracle Exalogic Elastic Cloud, and Oracle Database Appliance. Oracle Linux's Unbreakable Enterprise Kernel delivers extreme performance, advanced scalability and reliability for enterprise applications. 
The OCA certification covers objectives such as managing local disk devices, managing file systems, installing and removing Solaris packages and patches, performing system boot procedures and system processes. It is initial step in achievement of flagship of OCP credential. This certification was formerly known as Sun Certified Solaris Associate (SCSAS). + +- **Certification Codes** : OCA +- Type of Questions: 75 Multiple choice questions +- Length of Test Period: 120 minutes +- Prerequisites: None +- Passing Score: 64% +- Validity: Never Expires + +### 4. Oracle Linux OCP ### + +Oracle Certified Professional (OCP) is the certification provided by Oracle Corporation for Oracle Linux which covers more advanced knowledge and skills of an Oracle Linux Administrator. It covers knowledge such as configuring network interfaces, managing swap configurations, crash dumps, managing applications, databases and core files. OCP certification is benchmark of technical expertise and professional skill needed for developing, implementing, and managing applications, middleware and databases widely in enterprise. Job opportunities for Oracle Linux OCP are increased depending on job market and economy. It is designed such a way that the certificate holder has the ability to perform security administration, prepare Oracle Linux system for Oracle database, troubleshoot problems and perform corrective action, install software packages, installing and configuring kernel modules, maintain swap space, perform User and Group administration, creating file systems, configuring logical volume manager (LVM), file sharing services and more. + +- **Certification Codes** : OCP +- Type of Questions: 60 to 80 Multiple choice questions +- Length of Test Period: 120 minutes +- Prerequisites: Oracle Linux OCA +- Passing Score: 64% +- Validity: Never Expires + +### 5. RHCSA ### + +RHCSA is a certification programme by Red Hat Incorporation as Red Hat Certified System Administrator. 
RHCSAs are the person who has the skill, and ability to perform core system administrations in the renowned Red Hat Linux environments. It is an initial entry-level certification programme that focuses on actual competencies at system administration, including installation and configuration of a Red Hat Linux system and attaching it to a live network running network services. A Red Hat Certified System Administrator (RHCSA) is able to understand and use essential tools for handling files, directories, command-line environments, and documentation, operate running systems, including booting into different run levels, identifying processes, starting and stopping virtual machines, and controlling services, configure local storage using partitions and logical volumes, create and configure file systems and file system attributes, such as permissions, encryption, access control lists, and network file systemsm, deploy, configure, and maintain systems, including software installation, update, and core services, manage users and groups, including use of a centralized directory for authentication, security, including basic firewall and SELinux configuration. One should be RHCSA certified to gain RHCE and other certifications. + +- **Certification Codes** : RHCSA +- Course Codes: RH124, RH134 and RH199 +- Exam Codes: EX200 +- Length of Test Period: 21-22 hours depending on the elective course choosen. +- Prerequisites: None. Better if has some fundamental knowledge of Linux. +- Passing Score: 210 out of 300 points (70%) +- Validity: 3 years + +### 6. RHCE ### + +RHCE, also known as Red Hat Certified Engineer is a mid to advanced level certification programme for Red Hat Certified System Administrator (RHCSA) who wants to acquire additional skills and knowledge required of a senior system administrator responsible for Red Hat Enterprise Linux. 
RHCE has the ability, knowledge and skills of configuring static routes, packet filtering, and network address translation, setting kernel runtime parameters, configuring an Internet Small Computer System Interface (iSCSI) initiator, producing and delivering reports on system utilization, using shell scripting to automate system maintenance tasks, configuring system logging, including remote logging, system to provide networking services including HTTP/HTTPS, File Transfer Protocol (FTP), network file system (NFS), server message block (SMB), Simple Mail Transfer Protocol (SMTP), secure shell (SSH) and Network Time Protocol (NTP) and more. RHCSAs who wish to earn a more senior-level credential and who have completed System Administration I, II, and II, or who have completed the RHCE Rapid Track Course is recommended to go for RHCE certification. + +- **Certification Codes** : RHCE +- Course Codes: RH124, RH134, RH254 and RH199 +- Exam Codes: EX200 and EX300 +- Length of Test Period: 21-22 hours depending on the elective course choosen. +- Prerequisites: A RHCSA credential +- Passing Score: 210 out of 300 (70%) +- Validity: 3 years + +### 7. RHCA ### + +RHCA stands for Red Hat Certified Architect which is a certification programme by Red Hat Incorporation. It focuses on actual competencies at system administration, including installation and configuration of a Red Hat Linux system and attaching it to a live network running network services. RHCA is the highest level of certification of all the Red Hat Certifications. Candidates are required to choose the concentration they wish to focus on or can choose any combination of eligible Red Hat certifications to create a custom concentration of their own. There are three main concentration Datacenter, Cloud and Application Platform. 
RHCA with the concentration of Datacenter has the skills and ability to work, manage a datacenter whereas with the concentration of Cloud has the ability create, configure and manage private, hybrid clouds, cloud application platforms, flexible storage solutions using Red Hat Enterprise Linux Platform. RHCA with the concentration of Application Platform includes skills like installing, configuring and managing Red Hat JBoss Enterprise Application Platform and applications, cloud application platforms and hybrid cloud environments with OpenShift Enterprise by Red Hat and federating data from multiple sources using Red Hat JBoss Data Virtualization. + +- **Certification Codes** : RHCA +- Course Codes: CL210,CL220,CL280, RH236, RH318,RH401,RH413, RH436,RH442,JB248 and JB450 +- Exam Codes: EX333, EX401, EX423 or EX318, EX436 and EX442 +- Length of Test Period: 21-22 hours depending on the elective course choosen. +- Prerequisites: Active RHCE credential +- Passing Score: 210 out of 300 (70%) +- Validity: 3 years + +### 8. SUSE CLA ### + +SUSE Certified Linux Administrator (SUSE CLA) is a initialcertification by SUSE which focuses on daily administration tasks in SUSE Linux Enterprise Server environments. To gain SUSE CLA certification, it is not necessary to perform the course work, one has to pass the examination to get certified. SUSE CLA are capable and has skills to use Linux Desktop, locate and use help resources, manage Linux File System, work with the Linux Shell and Command Line, install SLE 11 SP22, manage system installation, hardware, backup and recovery, administer Linux with YaST, linux processes and services, storage, configure network, remote access, monitor SLE 11 SP2, automate tasks and manage user access and security. We can gain dual certificates of SUSE CLA and LPIC-1 and CompTIA Linux powered by LPI as SUSE, Linux Professional Institute and CompTIA have teamed up to offer you the chance to earn three Linux certifications. 
+ +- **Certification Codes** : SUSE CLA +- Course Codes: 3115, 3116 +- Exam Codes: 050-720, 050-710 +- Type of Questions: multiple choice exams +- Length of Test Period: 90 minutes +- Prerequisites: None +- Passing Score: 512 + +### 9. SUSE CLP ### + +SUSE Certified Linux Professional (CLP) is a certification programme for the one who is interested to gain more seniority and professionalism in SUSE Linux Enterprise Servers. SUSE CLP is the next step after receiving the SUSE CLA certificate. One should pass the examination and should have certification of CLA to gain the certification of CLP thought the candidate has passed the examination of CLP. SUSE CLP certified person has the skills and ability of installing and configuring SUSE Linux Enterprise Server 11 systems, maintaining the file system, managing softwarepackages, processes, printing, configuring fundamental network services, samba, web servers, using IPv6 and creating and running bash shell scripts. + +- **Certification Codes** : SUSE CLP +- Course Codes: 3115, 3116 and 3117 +- Exam Codes: 050-721, 050-697 +- Type of Test: hands on +- Length of Test Period: 180 minute practicum +- Prerequisites: SUSE CLA Certified + +### 10. SUSE CLE ### + +SUSE Certified Linux Engineer (CLE) is an engineer level advanced certification for those candidates who have passed the examination of CLE. To acquire a CLE certificate, one should gain the certificates of SUSE CLA and SUSE CLP. The candidate gaining the CLE certification has the skills of architecting complex SUSE Linux Enterprise Server environments. CLE certified person has the skill to configure fundamental networking services, manage printing, configure and use Open LDAP, samba, web servers, IPv6, perform Health Check and Performance Tuning, create and execute Shell Scripts, deploy SUSE Linux Enterprise, virtualization with Xen and more. 
+ +- **Certification Codes** : SUSE CLE +- Course Codes: 3107 +- Exam Codes: 050-723 +- Type of Test: hands on +- Length of Test Period: 120 minute practicum +- Prerequisites: SUSE CLP 10 or 11 Certified + +### 11. LFCS ### + +Linux Foundation Certified System Admin (LFCS) certified candidates possesses knowledge on the use of Linux and using Linux with the terminal environment. LFCS is a certification programme by Linux Foundation for system administrators and engineers working with the Linux operating system. The Linux Foundation collaborated with industry experts and the Linux kernel community to identify the core domains and the critical skills, knowledge and abilities applicable for the certification. LFCS certified candidates has the skills, knowledge and ability of editing and manipulating text files on the command line, managing and troubleshooting File Systems and Storage, assembling partitions as LVM devices, configuring SWAP partitions, managing networked filesystems, managing user accounts, permissions and ownerships, maintaining security, creating and executing bash shell scripts, installing, upgrading, removing software packages and more. + +- **Certification Codes** : LFCS +- Course Codes: LFS201, LFS220 (Optional) +- Exam Codes: LFCS exam +- Length of Test Period: 2 hours +- Prerequisites: None. +- Passing Score: 74% +- Languages: English +- Validity: 2 years + +### 12. LFCE ### + +Linux Foundation Certified Engineer (LFCE), a certification for Linux Engineers by Linux Foundation. LFCE certified candidates possesses a wider range of skills on Linux than LFCS. It is a engineer-level advanced certification programme. 
The LFCE certified candidates possesses skills and abilities of Network Administraton like configuring network services, configuring packet filtering, monitor network performance, IP traffics, configuring filesystems and file services, network filesystems, install, update packages from the repositories, managing network security, configuring iptables, http services, proxy servers, email servers and many more. It is believed that LFCE is pretty difficult to pass and study than LFCS as its advanced engineering level certification programme. + +- **Certification Codes** : LFCE +- Course Codes: LFS230 +- Exam Codes: LFCE exam +- Length of Test Period: 2 hours +- Prerequisites: LFCS certified. +- Passing Score: 72% +- Languages: English +- Validity: 2 years + +### Facts we found (This is only our views) ### + +Recent surveys conducted on different top recruitment agency, says 80% of linux job profile preferred Redhat certification. If you are a student / newbie and want to learn linux then we prefer Linux Foundation Certifications as its getting much popular or CompTIA Linux would be also a choice. If you already know oracle or suse or working on their products then would prefer oracle / suse linux or if you working in an company these certification might enhance your career growth :-) + +### Conclusion ### + +There are thousands of big companies in this world running servers and mainframes running Linux Operating System, to handle, configure and work on those servers there is always a need of highly qualified and certified Linux Technical/Professional. These globally recognized Linux certificates has a big role of someones career in Linux. The companies around the world running Linux and wanting Linux Engineers, System Administrators and ethusiasts chooses one who has gained certificates and has good score in the related field of Linux. 
Globally recognized certifications are highly essential for excellence in the profession and career in Linux, so preparing best for the examination and getting the certification is a good choice for building career in Linux. If you have any questions, comments, feedback please do write on the comment box below and let us know what stuffs needs to be added or improved. Thank You! :-) + +-------------------------------------------------------------------------------- + +via: http://linoxide.com/linux-how-to/12-globally-recognized-linux-certifications/ + +作者:[Arun Pyasi][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://linoxide.com/author/arunp/ \ No newline at end of file diff --git a/sources/tech/20150604 Nishita Agarwal Shares Her Interview Experience on Linux 'iptables' Firewall.md b/sources/tech/20150604 Nishita Agarwal Shares Her Interview Experience on Linux 'iptables' Firewall.md new file mode 100644 index 0000000000..2ba7334580 --- /dev/null +++ b/sources/tech/20150604 Nishita Agarwal Shares Her Interview Experience on Linux 'iptables' Firewall.md 
@@ -0,0 +1,207 @@ +Nishita Agarwal Shares Her Interview Experience on Linux ‘iptables’ Firewall +================================================================================ +Nishita Agarwal, a frequent Tecmint Visitor shared her experience (Question and Answer) with us regarding the job interview she had just given in a privately owned hosting company in Pune, India. She was asked a lot of questions on a variety of topics however she is an expert in iptables and she wanted to share those questions and their answer (she gave) related to iptables to others who may be going to give interview in near future. + +![Linux Firewall Iptables Interview Questions](http://www.tecmint.com/wp-content/uploads/2015/05/Linux-iptables-Interview-Questions.jpg) + +All the questions and their Answer are rewritten based upon the memory of Nishita Agarwal. + +> “Hello Friends! My name is **Nishita Agarwal**. I have Pursued Bachelor Degree in Technology. My area of Specialization is UNIX and Variants of UNIX (BSD, Linux) fascinates me since the time I heard it. I have 1+ years of experience in storage. I was looking for a job change which ended with a hosting company in Pune, India.” + +Here is the collection of what I was asked during the Interview. I’ve documented only those questions and their answer that were related to iptables based upon my memory. Hope this will help you in cracking your Interview. + +### 1. Have you heard of iptables and firewall in Linux? Any idea of what they are and for what it is used? ### + +> **Answer** : I’ve been using iptables for quite long time and I am aware of both iptables and firewall. Iptables is an application program mostly written in C Programming Language and is released under GNU General Public License. Written for System administration point of view, the latest stable release if iptables 1.4.21.iptables may be considered as firewall for UNIX like operating system which can be called as iptables/netfilter, more accurately. 
The Administrator interact with iptables via console/GUI front end tools to add and define firewall rules into predefined tables. Netfilter is a module built inside of kernel that do the job of filtering. +> +> Firewalld is the latest implementation of filtering rules in RHEL/CentOS 7 (may be implemented in other distributions which I may not be aware of). It has replaced iptables interface and connects to netfilter. + +### 2. Have you used some kind of GUI based front end tool for iptables or the Linux Command Line? ### + +> **Answer** : Though I have used both the GUI based front end tools for iptables like Shorewall in conjugation of [Webmin][1] in GUI and Direct access to iptables via console.And I must admit that direct access to iptables via Linux console gives a user immense power in the form of higher degree of flexibility and better understanding of what is going on in the background, if not anything other. GUI is for novice administrator while console is for experienced. + +### 3. What are the basic differences between between iptables and firewalld? ### + +> **Answer** : iptables and firewalld serves the same purpose (Packet Filtering) but with different approach. iptables flush the entire rules set each time a change is made unlike firewalld. Typically the location of iptables configuration lies at ‘/etc/sysconfig/iptables‘ whereas firewalld configuration lies at ‘/etc/firewalld/‘, which is a set of XML files.Configuring a XML based firewalld is easier as compared to configuration of iptables, however same task can be achieved using both the packet filtering application ie., iptables and firewalld. Firewalld runs iptables under its hood along with it’s own command line interface and configuration file that is XML based and said above. + +### 4. Would you replace iptables with firewalld on all your servers, if given a chance? 
### + +> **Answer** : I am familiar with iptables and it’s working and if there is nothing that requires dynamic aspect of firewalld, there seems no reason to migrate all my configuration from iptables to firewalld.In most of the cases, so far I have never seen iptables creating an issue. Also the general rule of Information technology says “why fix if it is not broken”. However this is my personal thought and I would never mind implementing firewalld if the Organization is going to replace iptables with firewalld. + +### 5. You seems confident with iptables and the plus point is even we are using iptables on our server. ### + +What are the tables used in iptables? Give a brief description of the tables used in iptables and the chains they support. + +> **Answer** : Thanks for the recognition. Moving to question part, There are four tables used in iptables, namely they are: +> +> Nat Table +> Mangle Table +> Filter Table +> Raw Table +> +> Nat Table : Nat table is primarily used for Network Address Translation. Masqueraded packets get their IP address altered as per the rules in the table. Packets in the stream traverse Nat Table only once. ie., If a packet from a jet of Packets is masqueraded they rest of the packages in the stream will not traverse through this table again. It is recommended not to filter in this table. Chains Supported by NAT Table are PREROUTING Chain, POSTROUTING Chain and OUTPUT Chain. +> +> Mangle Table : As the name suggests, this table serves for mangling the packets. It is used for Special package alteration. It can be used to alter the content of different packets and their headers. Mangle table can’t be used for Masquerading. Supported chains are PREROUTING Chain, OUTPUT Chain, Forward Chain, INPUT Chain, POSTROUTING Chain. +> +> Filter Table : Filter Table is the default table used in iptables. It is used for filtering Packets. 
If no rules are defined, Filter Table is taken as default table and filtering is done on the basis of this table. Supported Chains are INPUT Chain, OUTPUT Chain, FORWARD Chain. +> +> Raw Table : Raw table comes into action when we want to configure packages that were exempted earlier. It supports PREROUTING Chain and OUTPUT Chain. + +### 6. What are the target values (that can be specified in target) in iptables and what they do, be brief! ### + +> **Answer** : Following are the target values that we can specify in target in iptables: +> +> ACCEPT : Accept Packets +> QUEUE : Paas Package to user space (place where application and drivers reside) +> DROP : Drop Packets +> RETURN : Return Control to calling chain and stop executing next set of rules for the current Packets in the chain. + + +### 7. Lets move to the technical aspects of iptables, by technical I means practical. ### + +How will you Check iptables rpm that is required to install iptables in CentOS?. + +> **Answer** : iptables rpm are included in standard CentOS installation and we do not need to install it separately. We can check the rpm as: +> +> # rpm -qa iptables +> +> iptables-1.4.21-13.el7.x86_64 +> +> If you need to install it, you may do yum to get it. +> +> # yum install iptables-services + +### 8. How to Check and ensure if iptables service is running? ### + +> **Answer** : To check the status of iptables, you may run the following command on the terminal. +> +> # service status iptables [On CentOS 6/5] +> # systemctl status iptables [On CentOS 7] +> +> If it is not running, the below command may be executed. +> +> ---------------- On CentOS 6/5 ---------------- +> # chkconfig --level 35 iptables on +> # service iptables start +> +> ---------------- On CentOS 7 ---------------- +> # systemctl enable iptables +> # systemctl start iptables +> +> We may also check if the iptables module is loaded or not, as: +> +> # lsmod | grep ip_tables + +### 9. 
How will you review the current Rules defined in iptables? ### + +> **Answer** : The current rules in iptables can be review as simple as: +> +> # iptables -L +> +> Sample Output +> +> Chain INPUT (policy ACCEPT) +> target prot opt source destination +> ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED +> ACCEPT icmp -- anywhere anywhere +> ACCEPT all -- anywhere anywhere +> ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh +> REJECT all -- anywhere anywhere reject-with icmp-host-prohibited +> +> Chain FORWARD (policy ACCEPT) +> target prot opt source destination +> REJECT all -- anywhere anywhere reject-with icmp-host-prohibited +> +> Chain OUTPUT (policy ACCEPT) +> target prot opt source destination + +### 10. How will you flush all iptables rules or a particular chain? ### + +> **Answer** : To flush a particular iptables chain, you may use following commands. +> +> +> # iptables --flush OUTPUT +> +> To Flush all the iptables rules. +> +> # iptables --flush + +### 11. Add a rule in iptables to accept packets from a trusted IP Address (say 192.168.0.7) ### + +> **Answer** : The above scenario can be achieved simply by running the below command. +> +> # iptables -A INPUT -s 192.168.0.7 -j ACCEPT +> +> We may include standard slash or subnet mask in the source as: +> +> # iptables -A INPUT -s 192.168.0.7/24 -j ACCEPT +> # iptables -A INPUT -s 192.168.0.7/255.255.255.0 -j ACCEPT + +### 12. How to add rules to ACCEPT, REJECT, DENY and DROP ssh service in iptables. ### + +> **Answer** : Hoping ssh is running on port 22, which is also the default port for ssh, we can add rule to iptables as:To ACCEPT tcp packets for ssh service (port 22). +> +> # iptables -A INPUT -s -p tcp - -dport -j ACCEPT +> +> To REJECT tcp packets for ssh service (port 22). +> +> # iptables -A INPUT -s -p tcp - -dport -j REJECT +> +> To DENY tcp packets for ssh service (port 22). 
+> +> +> # iptables -A INPUT -s -p tcp - -dport -j DENY +> +> To DROP tcp packets for ssh service (port 22). +> +> +> # iptables -A INPUT -s -p tcp - -dport -j DROP + +### 13. Let me give you a scenario. Say there is a machine the local ip address of which is 192.168.0.6. You need to block connections on port 21, 22, 23, and 80 to your machine. What will you do? ### + +> **Answer** : Well all I need to use is the ‘multiport‘ option with iptables followed by port numbers to be blocked and the above scenario can be achieved in a single go as. +> +> # iptables -A INPUT -s 192.168.0.6 -p tcp -m multiport --dport 22,23,80,8080 -j DROP +> +> The written rules can be checked using the below command. +> +> # iptables -L +> +> Chain INPUT (policy ACCEPT) +> target prot opt source destination +> ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED +> ACCEPT icmp -- anywhere anywhere +> ACCEPT all -- anywhere anywhere +> ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh +> REJECT all -- anywhere anywhere reject-with icmp-host-prohibited +> DROP tcp -- 192.168.0.6 anywhere multiport dports ssh,telnet,http,webcache +> +> Chain FORWARD (policy ACCEPT) +> target prot opt source destination +> REJECT all -- anywhere anywhere reject-with icmp-host-prohibited +> +> Chain OUTPUT (policy ACCEPT) +> target prot opt source destination + +**Interviewer** : That’s all I wanted to ask. You are a valuable employee we won’t like to miss. I will recommend your name to the HR. If you have any question you may ask me. + +As a candidate I don’t wanted to kill the conversation hence keep asking about the projects I would be handling if selected and what are the other openings in the company. Not to mention HR round was not difficult to crack and I got the opportunity. + +Also I would like to thank Avishek and Ravi (whom I am a friend since long) for taking the time to document my interview. + +Friends! 
If you had given any such interview and you would like to share your interview experience to millions of Tecmint readers around the globe? then send your questions and answers to admin@tecmint.com. + +Thank you! Keep Connected. Also let me know if I could have answered a question more correctly than what I did. + +-------------------------------------------------------------------------------- + +via: http://www.tecmint.com/linux-firewall-iptables-interview-questions-and-answers/ + +作者:[Avishek Kumar][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://www.tecmint.com/author/avishek/ +[1]:http://www.tecmint.com/install-webmin-web-based-system-administration-tool-for-rhel-centos-fedora/ \ No newline at end of file
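Review bot: In the first file (sources/share/20150604 12 Globally Recognized Linux Certifications.md), the "3. Oracle Linux OCA" paragraph describes the wrong certification: it lists "installing and removing Solaris packages and patches" and says the credential "was formerly known as Sun Certified Solaris Associate (SCSAS)", which is the Solaris OCA, not Oracle Linux, so that paragraph needs to be rewritten for the Linux exam before the file is handed to a translator. Smaller points in the same hunk: the RHCA paragraph reuses the RHCSA sentence ("It focuses on actual competencies at system administration, including installation and configuration of a Red Hat Linux system ...") verbatim, which does not fit an architect-level credential; the RHCSA, RHCE and RHCA lists give "Length of Test Period: 21-22 hours depending on the elective course choosen", which reads as course length rather than exam length and should be labelled accordingly (and "choosen" should be "chosen"); "install SLE 11 SP22" in the SUSE CLA section should be "SLE 11 SP2" as used later in the same sentence; the SUSE CLE section opens with "for those candidates who have passed the examination of CLE", which is circular and presumably meant CLP; and "Validity: Valid till 5 years of Retirement" under LPIC should say what it means (for example, valid for 5 years). The translator placeholders ("译者:[译者ID]") are the project's template and are fine as-is.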
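Review bot: In the second file (sources/tech/20150604 Nishita Agarwal Shares Her Interview Experience on Linux 'iptables' Firewall.md), the four commands under question 12 do not run as written and one of them cannot be made to run: `-s` is given no address, `- -dport` has a stray space and no port number, and `DENY` is not an iptables target (only `ACCEPT`, `DROP`, `REJECT` and the others the article lists exist), so the line `# iptables -A INPUT -s -p tcp - -dport -j DENY` should be removed or the text should say that "deny" is achieved with `DROP` or `REJECT`; the other three should read along the lines of `# iptables -A INPUT -p tcp --dport 22 -j ACCEPT`. Two ordering problems also affect whether the rules do what the answers claim: the sample output under question 9 ends the INPUT chain with `REJECT all -- anywhere anywhere reject-with icmp-host-prohibited`, so rules appended with `-A` in questions 11 and 13 land after that catch-all and never match (the question 13 output visibly shows the `DROP ... multiport dports ssh,telnet,http,webcache` line below the REJECT), and the answers should use `-I INPUT` or explain rule order. In question 13 the scenario lists ports 21, 22, 23 and 80 while the command uses `22,23,80,8080`, so either the question or the command needs correcting; likewise the question 11 follow-up `-s 192.168.0.7/24` accepts the whole /24, not the single trusted host the question asks about, and the text should say so. Minor: `# service status iptables` under question 8 should be `# service iptables status`, matching the `# service iptables start` form used two lines later, and "the latest stable release if iptables 1.4.21.iptables" in answer 1 is missing "is" and a space.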