CompTIA Linux+ (XK0-004) — Question 150
A Linux administrator built a GitLab server. Later that day, a software engineer tried to access the server to upload the repository during the final step of installation. The software engineer could not access the website. Which of the following firewall rules would allow access to this site?
Answer options
- A. iptables -A INPUT -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
- B. iptables -A INPUT -p tcp -m multiport --dports 80,443 -m conntrack --ctstate ESTABLISHED -j ACCEPT
- C. iptables -A INPUT -p tcp -m multiport --dports 80,443 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- D. iptables -A INPUT -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW,ESTABLISHED -j REJECT
Correct answer: C
Explanation
The correct answer is C because it allows traffic that is related to existing connections and established connections on ports 80 and 443, which are necessary for web traffic. Option A incorrectly allows NEW connections but also accepts ESTABLISHED, which is less restrictive than necessary. Option B only allows ESTABLISHED connections and does not permit new connections, and option D outright rejects new connections, preventing any access.