CompTIA Linux+ (XK0-004) — Question 135
A Linux administrator needs to configure a new firewall without an existing ACL to allow incoming web traffic. The firewall must log the allowed network traffic.
Which of the following command sequences would accomplish this task when they are executed in order?
Answer options
- A.
  iptables -A INPUT -p tcp --dport 80 -j LOG
  iptables -A INPUT -p tcp --dport 443 -j LOG
  iptables -I INPUT -p tcp --dport 80 -j ACCEPT
  iptables -I INPUT -p tcp --dport 443 -j ACCEPT
- B.
  iptables -I INPUT -m multiport -p tcp --dports 80,443 -j LOG
  iptables -I INPUT -m multiport -p tcp --dports 80,443 -j ACCEPT
- C.
  iptables -A INPUT -m multiport -p tcp --dports 80,443 -j LOG
  iptables -A INPUT -m multiport -p tcp --dports 80,443 -j ACCEPT
- D.
  iptables -A INPUT -p tcp --dport 80 -j ACCEPT
  iptables -A INPUT -p tcp --dport 443 -j ACCEPT
  iptables -A INPUT -p tcp --dport 80 -j LOG
  iptables -A INPUT -p tcp --dport 443 -j LOG
Correct answer: A
Explanation
The correct answer, A, first logs incoming traffic on ports 80 and 443 and then allows that traffic, ensuring both logging and acceptance occur. Other options do not correctly log before accepting or utilize the correct order of commands needed for logging allowed traffic.