CompTIA Linux+ (XK0-005) — Question 182
A Linux engineer needs to block an incoming connection from the IP address 2.2.2.2 to a secure shell server and ensure the originating IP address receives a response that a firewall is blocking the connection. Which of the following commands can be used to accomplish this task?
Answer options
- A. iptables -A INPUT -p tcp --dport ssh -s 2.2.2.2 -j DROP
- B. iptables -A INPUT -p tcp --dport ssh -s 2.2.2.2 -j RETURN
- C. iptables -A INPUT -p tcp --dport ssh -s 2.2.2.2 -j REJECT
- D. iptables -A INPUT -p tcp --dport ssh -s 2.2.2.2 -j QUEUE
Correct answer: C
Explanation
The correct answer is C. The REJECT target blocks the connection and sends a response to the originating IP address indicating that the connection was rejected. Option A (DROP) blocks the connection but does not send a response, so it does not meet the requirement. Option B (RETURN) does not block the connection from the specified IP address. Option D (QUEUE) passes packets to user space for further processing, which is not the goal here.