CompTIA Server+ Exam: Blocking Outbound SSH Connections on Linux Firewall

How to Block Outbound SSH Connections on a Linux Firewall


Question

A network administrator is tasked with blocking all outbound SSH connections on the default port from the 10.152.8.0/21 subnet on a Linux-based firewall.

Which of the following rule sets would accomplish this task?

Answers

Explanations


A.

The correct answer for this question is (A) iptables -i OUTPUT -d 10.152.8.0/21 -p TCP --dport 22 -j REJECT.

Let's break down the command:

  • iptables: the command to manage firewall rules in Linux.
  • -i OUTPUT: specifies the outbound traffic interface.
  • -d 10.152.8.0/21: specifies the destination network subnet that needs to be blocked.
  • -p TCP: specifies the protocol to be blocked, which in this case is TCP.
  • --dport 22: specifies the destination port number, which in this case is the default port used for SSH connections.
  • -j REJECT: specifies the action to be taken if the traffic matches the above criteria, which in this case is to reject the traffic.

Therefore, the above iptables command blocks all outbound SSH connections on the default port from the 10.152.8.0/21 subnet on a Linux-based firewall.

Option (B) iptables -i OUTPUT -d 10.152.8.0/21 -p TCP --dport 23 -j REJECT is incorrect because it blocks traffic on port 23, which is the default port for Telnet, not SSH.

Option (C) iptables -i OUTPUT -d 10.152.8.0/21 -p TCP --dport 22 -j ACCEPT is incorrect because it allows traffic on port 22 instead of blocking it.

Option (D) iptables -i OUTPUT -d 10.152.8.0/21 -p TCP --dport 23 -j ACCEPT is also incorrect because it allows traffic on port 23, which is not the default port for SSH.
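The rule logic above is easy to get subtly wrong, so here is an added example (not part of the exam page or CompTIA material) that simulates how an iptables OUTPUT chain evaluates a rule: first match wins, otherwise the chain's default policy applies. Two points a practitioner should check before pasting the exam answer into a real firewall: in iptables the chain is selected with -A (append) or -I (insert), while -i names an inbound interface; and -d matches the destination subnet, whereas the requirement is SSH from 10.152.8.0/21, which is a -s (source) match. The simulation therefore evaluates both the page's -d form and the -s form against a set of constructed packets; the addresses, the Rule class and the packet dictionaries are all assumptions made for this example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional

# A packet as the OUTPUT chain would see it (constructed for this example).
Packet = Dict[str, object]


@dataclass
class Rule:
    """One iptables rule: address/protocol/port matches plus a target (-j)."""
    src: Optional[str] = None     # -s CIDR; None means 'any'
    dst: Optional[str] = None     # -d CIDR; None means 'any'
    proto: Optional[str] = None   # -p; None means 'any'
    dport: Optional[int] = None   # --dport; None means 'any'
    target: str = "ACCEPT"        # -j

    def matches(self, pkt: Packet) -> bool:
        if self.src and ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(self.src, strict=False):
            return False
        if self.dst and ipaddress.ip_address(pkt["dst"]) not in ipaddress.ip_network(self.dst, strict=False):
            return False
        if self.proto and str(pkt["proto"]).lower() != self.proto.lower():
            return False
        if self.dport is not None and pkt.get("dport") != self.dport:
            return False
        return True

    def to_iptables(self, chain: str = "OUTPUT") -> str:
        """Render the rule in real iptables syntax (-A appends to the chain)."""
        parts = ["iptables", "-A", chain]
        if self.src:
            parts += ["-s", self.src]
        if self.dst:
            parts += ["-d", self.dst]
        if self.proto:
            parts += ["-p", self.proto.lower()]
        if self.dport is not None:
            parts += ["--dport", str(self.dport)]
        parts += ["-j", self.target]
        return " ".join(parts)


def verdict(rules: List[Rule], pkt: Packet, policy: str = "ACCEPT") -> str:
    """First matching rule decides; otherwise the chain's default policy applies."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.target
    return policy


# The rule as a practitioner would write it: match the SOURCE subnet (-s),
# because the requirement is SSH *from* 10.152.8.0/21.
SOURCE_RULE = Rule(src="10.152.8.0/21", proto="tcp", dport=22, target="REJECT")
# The rule as printed on the exam page: it matches the DESTINATION subnet (-d).
DEST_RULE = Rule(dst="10.152.8.0/21", proto="tcp", dport=22, target="REJECT")

# Constructed traffic samples (203.0.113.0/24 is reserved documentation space).
PACKETS = {
    "ssh_from_subnet":     {"src": "10.152.9.25",   "dst": "203.0.113.10", "proto": "tcp", "dport": 22},
    "telnet_from_subnet":  {"src": "10.152.9.25",   "dst": "203.0.113.10", "proto": "tcp", "dport": 23},
    "ssh_last_addr":       {"src": "10.152.15.255", "dst": "203.0.113.10", "proto": "tcp", "dport": 22},
    "ssh_outside_subnet":  {"src": "10.152.16.1",   "dst": "203.0.113.10", "proto": "tcp", "dport": 22},
    "ssh_nondefault_port": {"src": "10.152.9.25",   "dst": "203.0.113.10", "proto": "tcp", "dport": 2222},
    "ssh_to_subnet":       {"src": "203.0.113.10",  "dst": "10.152.9.25",  "proto": "tcp", "dport": 22},
}


def evaluate(rule: Rule) -> Dict[str, str]:
    """Run every sample packet through a one-rule OUTPUT chain."""
    return {name: verdict([rule], pkt) for name, pkt in PACKETS.items()}


if __name__ == "__main__":
    for label, rule in (("source match (-s)", SOURCE_RULE), ("destination match (-d)", DEST_RULE)):
        print(f"{label}: {rule.to_iptables()}")
        for name, result in evaluate(rule).items():
            print(f"  {name:20s} -> {result}")
```

Running it shows that the -s form rejects SSH from 10.152.9.25 and from 10.152.15.255 (the last address inside the /21) but leaves 10.152.16.1, Telnet, and SSH on a non-default port untouched, while the -d form lets the outbound SSH through and instead rejects SSH headed toward the subnet. On a real host, iptables -C OUTPUT followed by the same match arguments returns exit status 0 when the rule is present, and iptables -L OUTPUT -n -v shows per-rule packet counters, which is the quickest way to confirm the rule is actually matching the traffic you intended.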