RHCSA v6 (not 7) - Can you "iptables -F" on the exam?

devhda Member Posts: 11
Hi,

I'm going to try to pass RHCSA version 6 (not 7, yes, I know, I'm already late...) in a few weeks.

Two questions:

1 - Can I safely turn off the firewall via "iptables -F" on the exam?
2 - If I do that, can I safely omit typing these lines if I'm asked to configure a vsftpd server?

iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 20 -j ACCEPT
iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
Edit the /etc/sysconfig/iptables-config file and change the IPTABLES_MODULES directive:
IPTABLES_MODULES="nf_conntrack_ftp nf_nat_ftp"

What do you think?

Comments

  • hiddenknight821 Member Posts: 1,209
    I'll just leave the link to the EX200 RHEL6 objectives here. Take a look at the first bullet listed under Manage Security. They're nice enough to make an implication here. You need to follow the specific instructions when you take the test. Try not to do more or less than what's being asked to save you time and headache.
  • asummers Member Posts: 157
    devhda wrote: »
    Hi,

    I'm going to try to pass RHCSA version 6 (not 7, yes, I know, I'm already late...) in a few weeks.

    Two questions:

    1 - Can I safely turn off the firewall via "iptables -F" on the exam?
    2 - If I do that, can I safely omit typing these lines if I'm asked to configure a vsftpd server?

    iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 20 -j ACCEPT
    iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
    Edit the /etc/sysconfig/iptables-config file and change the IPTABLES_MODULES directive:
    IPTABLES_MODULES="nf_conntrack_ftp nf_nat_ftp"

    What do you think?


    I would assume that the firewall maintains the server's security posture and therefore would not suggest turning it off. That being said, if the exam doesn't say anything about enabling a firewall - then you *should* be ok.

    For your FTP question, use system-config-firewall and enable the ftp service. That tool updates all files and adds the horrible modules line into the relevant file.
  • devhda Member Posts: 11
    Hi, thanks for your replies!

    I think that hiddenknight821 points the questions towards the right direction and asummers is detailed enough in his answer.

    In other words: I won't disable anything and follow the system-config-firewall path to avoid headaches on the exam. :)

    Thanks guys!
  • asummers Member Posts: 157
    devhda wrote: »
    Hi, thanks for your replies!

    I think that hiddenknight821 points the questions towards the right direction and asummers is detailed enough in his answer.

    In other words: I won't disable anything and follow the system-config-firewall path to avoid headaches on the exam. :)

    Thanks guys!

    Good luck
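
Added example, not part of the thread: a bash check that the saved firewall files carry the FTP settings discussed above, namely an ACCEPT for tcp/21 ahead of the final REJECT and nf_conntrack_ftp in IPTABLES_MODULES. The function names and sample files are constructed for illustration; on a RHEL 6 host the two arguments would be /etc/sysconfig/iptables and /etc/sysconfig/iptables-config.

```shell
#!/bin/bash
# Added example: audit saved RHEL 6 firewall files for the thread's FTP settings.

# Succeeds if an ACCEPT for tcp/21 precedes the first catch-all REJECT/DROP in INPUT.
ftp_port_open() {
    awk '
        /^-A INPUT / && /--dport 21( |$)/ && /-j ACCEPT/ { found = 1; exit }
        /^-A INPUT -j (REJECT|DROP)/                     { exit }
        END { exit !found }
    ' "$1"
}

# Succeeds if IPTABLES_MODULES in iptables-config lists nf_conntrack_ftp.
ftp_helper_loaded() {
    grep -Eq '^IPTABLES_MODULES="([^"]* )?nf_conntrack_ftp( [^"]*)?"' "$1"
}

# Runs both checks and reports each one that fails; returns 0 only if both pass.
audit_ftp_firewall() {
    local rc=0
    ftp_port_open "$1"     || { echo "no ACCEPT for tcp/21 before the final REJECT in $1"; rc=1; }
    ftp_helper_loaded "$2" || { echo "nf_conntrack_ftp missing from IPTABLES_MODULES in $2"; rc=1; }
    return $rc
}

# Constructed sample files (not from the thread): default-style rules plus the FTP rule.
demo=$(mktemp -d)
cat > "$demo/iptables" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
echo 'IPTABLES_MODULES="nf_conntrack_ftp nf_nat_ftp"' > "$demo/iptables-config"
echo 'IPTABLES_MODULES=""' > "$demo/iptables-config.default"

audit_ftp_firewall "$demo/iptables" "$demo/iptables-config" && echo "FTP firewall settings OK"
audit_ftp_firewall "$demo/iptables" "$demo/iptables-config.default" || echo "audit failed as expected"
```

The ordering check matters because a rule appended after the catch-all REJECT never matches, which is why the commands in the original post use `-I` rather than `-A`.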