How to solve these challenges:
Write your solution as root at the terminal or inside a shell script, make the script file executable and run it.
If your solution is not correct, then try to understand the error messages, rewrite the solution and execute the command or script again. Repeat this step until you get the correct solution.
Save the solution in a file for future reference or recap.
Challenge #1
Write the iptables commands that set the default policy to ACCEPT on the INPUT and OUTPUT chains and to DROP on the FORWARD chain.
Challenge #2
Write the iptables command that lists only the INPUT chain of the filter table.
Challenge #3
Write the iptables command that flushes all chains of the filter table.
Challenge #4
Write an iptables rule that drops all incoming packets to port 22/tcp (ssh). This should be the first rule in the chain.
Challenge #5
Write the iptables commands that flush all chains of all tables and set the ACCEPT policy on all chains. This removes any existing firewall.
Challenge #6
Write the iptables rules that drop all incoming packets from 100.0.0.1 and 1.2.3.4 and all outgoing packets to 80.0.0.1.
These must be the first rules in their chains.
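One way to solve challenges 1 to 6, as an added example that is not part of the original page: the script below wraps each answer in a shell function. The dry-run convention is my own assumption, not something the challenges specify: IPT defaults to "echo iptables", so the commands are printed instead of applied; run the script as root with IPT=iptables to load the rules for real.

```shell
#!/bin/sh
# Added example (not from the challenge page): filter-table basics for
# challenges 1 to 6. Commands are only printed by default; run as root
# with IPT=iptables to apply them.
set -eu
IPT="${IPT:-echo iptables}"

# Challenge 1: the policy is the verdict for packets that match no rule in
# the chain. FORWARD DROP means this box does not route for other hosts.
set_default_policies() {
    $IPT -P INPUT ACCEPT
    $IPT -P OUTPUT ACCEPT
    $IPT -P FORWARD DROP
}

# Challenge 2: list only the INPUT chain of the filter table (the default
# table). -n avoids DNS lookups, --line-numbers gives positions for -I/-D.
list_input_chain() {
    $IPT -t filter -L INPUT -n -v --line-numbers
}

# Challenge 3: flush every chain of the filter table (rules only; the
# chain policies are left as they are).
flush_filter_table() {
    $IPT -t filter -F
}

# Challenge 4: drop incoming SSH. -I without a rule number inserts at
# position 1, so this becomes the first rule of INPUT.
drop_incoming_ssh() {
    $IPT -I INPUT -p tcp --dport 22 -j DROP
}

# Challenge 5: remove the whole firewall. Flush (-F) and delete user-defined
# chains (-X) in every table, then reset the policies to ACCEPT.
reset_firewall() {
    for table in filter nat mangle raw; do
        $IPT -t "$table" -F
        $IPT -t "$table" -X
    done
    $IPT -P INPUT ACCEPT
    $IPT -P OUTPUT ACCEPT
    $IPT -P FORWARD ACCEPT
}

# Challenge 6: two sources dropped on INPUT, one destination on OUTPUT,
# each inserted at the top of its chain so no earlier rule can accept them.
drop_hosts() {
    $IPT -I INPUT -s 100.0.0.1 -j DROP
    $IPT -I INPUT -s 1.2.3.4 -j DROP
    $IPT -I OUTPUT -d 80.0.0.1 -j DROP
}

case "${1:-}" in
    policies) set_default_policies ;;
    list) list_input_chain ;;
    flush) flush_filter_table ;;
    ssh) drop_incoming_ssh ;;
    reset) reset_firewall ;;
    hosts) drop_hosts ;;
    *) echo "usage: $0 policies|list|flush|ssh|reset|hosts" >&2 ;;
esac
```

Running `sh fw-basics.sh reset` prints the eleven commands it would issue; `IPT=iptables sh fw-basics.sh reset` as root executes them. Keeping the dry-run as the default makes it hard to wipe a firewall by accident while testing the script.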
Challenge #7
Write the iptables rules that drop all locally generated outgoing TCP packets (ports 80 and 443) to www.linuxquestions.org.
Challenge #8
Write the iptables rules that drop all outgoing TCP packets (ports 80 and 443) to www.linuxquestions.org.
The Linux machine is the router.
Challenge #9
Write an iptables rule that drops all incoming packets from the network 27.103.0.0 255.255.0.0.
This must be the first rule in the chain.
Challenge #10
The DNS Server of your LAN is set to 8.8.8.8. You don't want to allow the users of the LAN to change the DNS server.
Write an iptables rule that drops all UDP packets to port 53 (DNS) whose destination is any address other than 8.8.8.8. The Linux machine is the router.
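Challenges 7 to 10 turn on which chain a packet traverses and on negated matches. The script below is an added example, not part of the original page; it uses the same dry-run convention (IPT defaulting to "echo iptables", my assumption) and a single multiport rule where the challenge text allows several rules.

```shell
#!/bin/sh
# Added example (not from the challenge page) covering challenges 7 to 10.
# Commands are only printed by default; run as root with IPT=iptables to
# load them.
set -eu
IPT="${IPT:-echo iptables}"

# Challenge 7: packets generated by programs on this host traverse OUTPUT.
# One multiport rule covers both web ports. iptables resolves the host name
# once, when the rule is loaded, and stores the resulting addresses, so the
# rule does not follow later DNS changes; reload it to refresh.
drop_local_web_to_host() {
    host="$1"
    $IPT -I OUTPUT -p tcp -d "$host" -m multiport --dports 80,443 -j DROP
}

# Challenge 8: when the Linux box is the LAN's router, the clients' packets
# are routed through it and never touch OUTPUT; they traverse FORWARD.
drop_forwarded_web_to_host() {
    host="$1"
    $IPT -I FORWARD -p tcp -d "$host" -m multiport --dports 80,443 -j DROP
}

# Challenge 9: the mask 255.255.0.0 is a /16. iptables accepts either
# "27.103.0.0/255.255.0.0" or the CIDR form used here.
drop_incoming_network() {
    $IPT -I INPUT -s 27.103.0.0/16 -j DROP
}

# Challenge 10: "!" negates the destination match, so forwarded UDP/53 to
# anything other than the approved resolver is dropped. The router's own
# lookups go through OUTPUT and are unaffected. DNS over TCP/53 and
# DNS-over-HTTPS (443) are outside the scope of this rule.
enforce_lan_resolver() {
    resolver="$1"
    $IPT -I FORWARD -p udp --dport 53 ! -d "$resolver" -j DROP
}

case "${1:-}" in
    local-web) drop_local_web_to_host www.linuxquestions.org ;;
    routed-web) drop_forwarded_web_to_host www.linuxquestions.org ;;
    network) drop_incoming_network ;;
    dns) enforce_lan_resolver 8.8.8.8 ;;
    *) echo "usage: $0 local-web|routed-web|network|dns" >&2 ;;
esac
```

The difference between challenges 7 and 8 is only the chain: the same match placed in OUTPUT affects the router's own processes, while in FORWARD it affects the hosts behind it. Verify the resolved addresses with `iptables -L FORWARD -n` after loading, because the listing shows what the rule actually matches.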
Challenge #11
Create a firewall script for your laptop that runs Linux. All outgoing traffic is allowed, but the only incoming traffic permitted is the return traffic of connections the laptop opened. No services are running on the laptop.
Challenge #12
The MAC address of the LAN router is b4:6d:83:77:85:f5.
Write a single iptables rule that allows your Linux host to communicate only with the router, so that it cannot communicate with other hosts in the same LAN. Do not modify the policy.
Challenge #13
Write the iptables rules that permit outgoing web traffic (tcp ports 80 and 443) only between 10:00 and 18:00 UTC.
Challenge #14
Consider Challenge #13. Add a match to allow web traffic only on the weekend between 10:00 and 18:00 UTC.
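Challenges 12 to 14 use the mac and time match extensions. The script below is an added example, not part of the original page; it keeps the dry-run convention (IPT defaulting to "echo iptables", my assumption) and takes the router MAC from challenge 12. The two-rule ACCEPT-then-DROP layout for the time window is one way to express "only between", since the time match's start and stop options cannot be negated.

```shell
#!/bin/sh
# Added example (not from the challenge page) for challenges 12 to 14.
# Commands are printed by default; run as root with IPT=iptables to apply.
set -eu
IPT="${IPT:-echo iptables}"
ROUTER_MAC="b4:6d:83:77:85:f5"   # from challenge 12

# Challenge 12: the mac match inspects the Ethernet source of frames that
# arrive on this host, so it is usable in INPUT (and PREROUTING/FORWARD) but
# not in OUTPUT. Dropping every inbound frame not sent by the router isolates
# the host from LAN peers: their replies never arrive, so no connection with
# them can complete, while Internet traffic relayed by the router still works.
# The match only examines Ethernet-type interfaces, so loopback traffic is
# unaffected even though the match is negated. Policies are untouched.
allow_only_router() {
    $IPT -I INPUT -m mac ! --mac-source "$ROUTER_MAC" -j DROP
}

# Challenge 13: the time match checks the clock for every packet. Times are
# UTC by default; --utc makes that explicit (--kerneltz would use the system
# zone). Accept inside the window and drop everything else; the DROP also
# cuts connections still open when the window closes.
web_only_in_hours() {
    $IPT -A OUTPUT -p tcp -m multiport --dports 80,443 \
        -m time --timestart 10:00 --timestop 18:00 --utc -j ACCEPT
    $IPT -A OUTPUT -p tcp -m multiport --dports 80,443 -j DROP
}

# Challenge 14: add --weekdays to the same ACCEPT rule; the DROP is unchanged.
web_only_on_weekend_hours() {
    $IPT -A OUTPUT -p tcp -m multiport --dports 80,443 \
        -m time --timestart 10:00 --timestop 18:00 --weekdays Sat,Sun --utc -j ACCEPT
    $IPT -A OUTPUT -p tcp -m multiport --dports 80,443 -j DROP
}

case "${1:-}" in
    router) allow_only_router ;;
    hours) web_only_in_hours ;;
    weekend) web_only_on_weekend_hours ;;
    *) echo "usage: $0 router|hours|weekend" >&2 ;;
esac
```

After loading the time rules, `iptables -L OUTPUT -n -v` shows their packet counters; watching them move, or stay at zero, outside the window is the quickest check that the match and the UTC offset behave as expected.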