WEBVTT

00:01.730 --> 00:09.020
In this lecture, we'll see the ACCEPT and DROP targets. Again, it's more like a recap because we've

00:09.020 --> 00:11.950
already used them in so many examples.

00:12.620 --> 00:16.610
Both ACCEPT and DROP are terminating targets.

00:17.980 --> 00:25.000
If a packet is matched against a rule that has the ACCEPT or DROP target, the packet is accepted or

00:25.000 --> 00:27.910
dropped and will not traverse the chain any more.

00:28.570 --> 00:30.460
Let me show you an example.

00:32.360 --> 00:40.670
I want to permit incoming ping packets only from a management station or from a single IP address. Before

00:40.670 --> 00:41.670
getting started,

00:41.690 --> 00:49.100
I want to explain to you what ping means, in case you don't know. Ping is a utility command available

00:49.100 --> 00:50.870
in any operating system.

00:51.080 --> 00:58.310
And it serves two primary purposes: to check if the destination host is available and to measure the

00:58.310 --> 01:06.500
round trip time for messages sent from the originating host to a destination host that are echoed back

01:06.500 --> 01:07.250
to the source.

01:08.620 --> 01:17.260
According to Wikipedia, the name Ping comes from active sonar technology that sends a pulse of sound

01:17.260 --> 01:25.990
and listens for the echo to detect objects underwater. Ping operates by sending Internet Control Message

01:25.990 --> 01:33.380
Protocol, or ICMP, echo request packets to the target host and waiting for ICMP reply packets.

01:33.910 --> 01:42.550
So allowing ping means, in fact, allowing incoming ICMP echo request packets and outgoing ICMP echo

01:42.550 --> 01:43.540
reply packets.

01:44.690 --> 01:53.360
Let's see the help: iptables -p icmp, the protocol is ICMP, --help.

01:58.700 --> 02:07.910
We notice that we specify the type of ICMP packet using --icmp-type, and these are

02:08.120 --> 02:10.430
all available ICMP types.

02:13.120 --> 02:17.440
Among them, we see echo reply and echo request.

02:19.850 --> 02:27.110
In this example, I'll write iptables rules only for the INPUT chain, so for incoming traffic. In practice you'll

02:27.150 --> 02:31.050
write iptables rules for the OUTPUT chain as well.

02:31.580 --> 02:39.740
So the first rule will allow incoming ICMP packets of type echo-request if the source IP address is that

02:39.740 --> 02:41.140
of the management host.

02:42.350 --> 02:48.920
In this example, I'll consider the management host as being the Windows recording machine, which has

02:48.920 --> 02:50.000
the IP address

02:53.460 --> 02:59.190
192.168.0.112.

03:05.250 --> 03:16.080
iptables -A INPUT -p icmp --icmp-type echo-request

03:18.480 --> 03:19.500
-s

03:22.960 --> 03:31.390
192.168.0.112 -j ACCEPT.

03:35.100 --> 03:42.840
And the second rule will drop all incoming ICMP request packets if the source address is another

03:42.840 --> 03:44.960
host, not the management station.

03:45.840 --> 03:57.750
So iptables -A INPUT -p icmp --icmp-type echo-request -j DROP.

03:58.140 --> 04:02.330
In fact, it's the same rule without the -s option.

04:02.490 --> 04:07.050
So without the source IP address. Let's test it.

04:08.060 --> 04:18.200
If a packet with the source IP address 192.168.0.112 is coming, it will be accepted

04:18.200 --> 04:22.140
by the first one. Being a terminating target,

04:22.160 --> 04:28.910
the packet will not be evaluated by the second rule, which of course would drop it if it evaluated

04:28.910 --> 04:29.570
the packet.

04:30.730 --> 04:34.240
From the management station, I'm going to ping Linux 1.

04:37.280 --> 04:43.160
And ping is working perfectly, and I list the firewall.

04:44.650 --> 04:47.520
And we see matched packets by the first rule.

04:49.690 --> 04:56.690
Now, if an echo request packet is coming from another IP address, the first rule will not match.

04:57.040 --> 04:59.740
And the second one will drop the packet.

05:01.060 --> 05:02.980
Let's ping it from Linux 2.

05:08.410 --> 05:12.800
And we notice that Linux 2 is not receiving anything back.

05:13.300 --> 05:19.870
The second rule is dropping any echo request packets coming from another source IP address.

05:23.570 --> 05:26.900
There are 37 dropped packets by the second.
