HI EVERYONE, I NEED HELP WITH THIS POLICY AND CONTROLS PRACTICE QUESTION BEFORE MY EXAM. IF YOU COULD TELL ME THE COMMANDS TO HELP ME OUT I WOULD BE SO GRATEFUL. AS YOU CAN SEE, THE FORMATTING FOR THE NETWORK DIAGRAM IS AWFUL, BUT A ROUGH OUTLINE OF THE COMMANDS WOULD BE USEFUL. THANKS GUYS!
Code:
   W
   172.28.95.32/28
 --+------------+-------------+--               tap
   |            |             |                 146.227.150.0/24
   |.42         |.41          |.46              +---------------------
+-----+      +-----+       +-----+              |
| m2  |      | m1  |       | m19 | .55          |
+-----+      +-----+       |     |--------------+
                           +-----+              |
   X                                            |
   172.28.96.64/26                              |  .254  +-----+ 146.227.2.1
 --+------------+-------------+--               +--------| gw1 |-- Internet ->>>
   |            |             |                 |  (eth1)+-----+(eth0)
   |.107        |.106         |.105             |
+-----+      +-----+       +-----+              |
| m7  |      | m6  |       | m5  | .56          |
+-----+      +-----+       |     |--------------+
                           +-----+              |
   Y                                            |
   172.28.97.168/29                             |  .220  +------+
 --+------------+-------------+--               +--------| dns1 |
   |            |             |                 |        +------+
   |.173        |.172   (eth0)|.171             |
+-----+      +-----+       +-----+              |
| m13 |      | m12 |       | m11 | .57          |
+-----+      +-----+       |     |--------------+
                           +-----+(eth1)        |
   Z                                            |
   172.28.98.128/25                             |
 --+------------+-------------+--               |
   |            |             |                 |
   |.235        |.234         |.233             |
+-----+      +-----+       +-----+              |
| m17 |      | m16 |       | m15 | .58          |
+-----+      +-----+       |     |--------------+
                           +-----+              |
In the network diagram Fig B1, gw1 is an exterior firewall of an organisation, implemented in Linux. In the following descriptions:
- "inbound" refers to traffic arriving from the Internet, to gw1 on eth0.
- "outbound" refers to traffic leaving for the Internet, from gw1 on eth0.
Organisational policy includes the following statements:
- only machine dns1 may make outbound DNS requests (UDP port 53) to the Internet and get back the associated replies.
- no other inbound or outbound UDP traffic is permitted.
Using the "iptables" instruction, construct firewall rules to implement controls that will enforce these policy statements. Note that for the purposes of this exam question, it is acceptable (even desirable) to lay each rule out on several lines where each line represents a logical chunk within the overall rule. Leave a blank line between each rule.
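A worked answer to the question, added here as an example and not part of the original post. It reads the interface names and addresses off the diagram (gw1's Internet side is eth0, its inside side on the tap network is eth1, dns1 is 146.227.150.220); matching the DNS replies on conntrack state, and covering gw1's own INPUT/OUTPUT chains as well as FORWARD, are design choices of this example rather than things the question states. Without APPLY=1 the script only prints the rules in the multi-line layout the question asks for.

```shell
#!/bin/sh
# Added worked example, not part of the original post: iptables rules on gw1
# enforcing the two UDP policy statements.
# Assumptions read off the diagram: gw1's Internet side is eth0, its inside
# (tap network) side is eth1, and dns1 is 146.227.150.220.  Matching the DNS
# replies on conntrack state is a design choice of this example, not something
# the question specifies.
# Usage:  sh gw1-udp.sh            prints the rules, one logical chunk per line
#         APPLY=1 sh gw1-udp.sh    runs them with iptables (as root, on gw1)

WAN_IF=eth0              # gw1 interface facing the Internet
LAN_IF=eth1              # gw1 interface facing the tap network
DNS1=146.227.150.220     # the only host allowed to make outbound DNS queries

# Run one iptables rule, or print it laid out with each option on its own line.
rule() {
    if [ "${APPLY:-0}" = "1" ]; then
        iptables "$@"
        return
    fi
    printf 'iptables'
    for arg in "$@"; do
        case $arg in
            -*) printf ' \\\n    %s' "$arg" ;;   # new line for every option
            *)  printf ' %s' "$arg" ;;           # option value stays on the line
        esac
    done
    printf '\n\n'                                # blank line between rules
}

gw1_udp_rules() {
    # Policy 1a: dns1 may send DNS queries out to the Internet.
    rule -A FORWARD -i "$LAN_IF" -o "$WAN_IF" \
         -p udp -s "$DNS1" --dport 53 -j ACCEPT

    # Policy 1b: replies to those queries may come back in.  Requiring conntrack
    # state ESTABLISHED ties each reply to a query gw1 has already forwarded, so
    # an Internet host cannot reach dns1 just by sending UDP from source port 53.
    rule -A FORWARD -i "$WAN_IF" -o "$LAN_IF" \
         -p udp --sport 53 -d "$DNS1" \
         -m conntrack --ctstate ESTABLISHED -j ACCEPT

    # Policy 2: no other UDP crosses gw1 in either direction.  These come after
    # the ACCEPT rules because iptables stops at the first matching rule.
    rule -A FORWARD -i "$WAN_IF" -p udp -j DROP
    rule -A FORWARD -o "$WAN_IF" -p udp -j DROP

    # Traffic to or from gw1 itself never passes through FORWARD, so the same
    # prohibition goes on INPUT and OUTPUT; otherwise gw1 could still speak UDP
    # (including DNS) with the Internet.
    rule -A INPUT  -i "$WAN_IF" -p udp -j DROP
    rule -A OUTPUT -o "$WAN_IF" -p udp -j DROP
}

gw1_udp_rules
```

The rules are appended with -A, so they assume the chains do not already contain an earlier rule accepting UDP; ordering is what makes the two ACCEPT rules an exception to the four DROP rules. The reverse rule deliberately does not rely on --sport 53 alone: without the conntrack match, any Internet host could send UDP to dns1 simply by using source port 53.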