Which two statements are true about firewall filter configurations? (Choose two.)
Answer: AC
A firewall filter is a set of rules that allows or blocks traffic based on specified criteria. Firewall filters can be applied to various types of traffic, such as traffic entering or leaving an interface, traffic between routing instances, or traffic within a virtual network.
Let's now analyze each statement in turn:
A. Multiple action modifiers can be included in the same term. This statement is true. A term in a firewall filter defines a set of matching conditions and an action to be taken when the conditions are met. The action can be a single modifier, such as "discard" or "reject," or a combination of modifiers, such as "log" and "count." Therefore, it is possible to have multiple action modifiers in the same term. For example, the following term discards and logs matching traffic:
    term term1 {
        from {
            source-address 192.0.2.0/24;
            protocol tcp;
        }
        then {
            discard;
            log;
        }
    }
B. Only a single action modifier can be included in the same term. This statement is false, as explained above.
C. The default term within a firewall filter uses the discard action. This statement is true. The default term in a firewall filter is applied to traffic that does not match any of the defined terms. By default, the action taken by the default term is "discard," which drops the traffic without generating any notification to the sender or receiver.
D. The default term within a firewall filter uses the reject action. This statement is false. The default action of the default term is "discard," not "reject." The "reject" action is similar to "discard" in that it drops the traffic, but it also generates an ICMP message to the sender indicating that the traffic was rejected. To have unmatched traffic rejected instead of discarded, you can define a new term with the "reject" action and no match conditions, and place it as the last explicit term, just before the default term. For example:
    term term1 {
        from {
            source-address 192.0.2.0/24;
            protocol tcp;
        }
        then {
            discard;
            log;
        }
    }
    /* catch-all: no "from" clause, so it matches all remaining traffic */
    term term0 {
        then {
            reject;
        }
    }
In this case, traffic that matches the conditions of term1 is discarded and logged. All other traffic falls through to term0, which has no match conditions and therefore matches everything, so it is rejected and the sender is notified with an ICMP message. Because term0 catches all remaining traffic, nothing reaches the default term. Term order matters: if term0 were placed first, it would reject all traffic and term1 would never be evaluated.
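The first-match behaviour behind statements A, C and D can be checked with a small model. This is an added example, not code from the original page or from Junos: the Python representation of terms, the packet fields and the function names are assumptions, and the sample addresses are constructed.

```python
from ipaddress import ip_address, ip_network

TERMINATING = {"accept", "discard", "reject"}

# Constructed filter using the page's term names: (name, "from" conditions, "then" actions)
FILTER = [
    ("term1", {"source-address": "192.0.2.0/24", "protocol": "tcp"}, ["discard", "log"]),
    ("term0", {}, ["reject"]),  # catch-all: an empty "from" matches everything
]

def matches(cond, pkt):
    """A term matches only if every condition in its 'from' holds; empty 'from' matches all."""
    if "source-address" in cond and ip_address(pkt["src"]) not in ip_network(cond["source-address"]):
        return False
    if "protocol" in cond and pkt["proto"] != cond["protocol"]:
        return False
    return True

def evaluate(terms, pkt):
    """Return (term name, terminating action, other actions) for the first matching term."""
    for name, cond, then in terms:
        if matches(cond, pkt):
            final = [a for a in then if a in TERMINATING]
            extra = [a for a in then if a not in TERMINATING]
            # Assumption of this model: no terminating action listed means accept.
            return name, (final[0] if final else "accept"), extra
    # No explicit term matched: the default term silently drops the packet.
    return "<default term>", "discard", []

def shadowed_terms(terms):
    """Names of terms placed after a catch-all term; they can never be evaluated."""
    for i, (_, cond, _) in enumerate(terms):
        if not cond:
            return [name for name, _, _ in terms[i + 1:]]
    return []
```

Running `shadowed_terms` over a filter before committing it is a quick way to catch a catch-all term that was placed too early.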
In summary, statements A and C are true, and statements B and D are false.