LPIC-2 Exam 202 (Linux Engineer) — Question 74
When the default policy for the netfilter INPUT chain is set to DROP, why should a rule allowing traffic to localhost exist?
Answer options
- A. All traffic to localhost must always be allowed
- B. It doesn't matter; netfilter never affects packets addressed to localhost
- C. Some applications use the localhost interface to communicate with other applications
- D. syslogd receives messages on localhost
- E. The iptables command communicates with the netfilter management daemon netfilterd on localhost to create and change packet filter rules
Correct answer: C
Explanation
The correct answer is C because some applications rely on the localhost interface to communicate with each other, and blocking this traffic could lead to application failures. Options A and B are incorrect as they oversimplify the situation: not all traffic to localhost must be allowed, and netfilter does filter packets addressed to localhost, so with a DROP policy on the INPUT chain they are dropped unless a rule explicitly permits them. Options D and E, while true statements, do not encompass the broader need for inter-application communication over localhost.