Old 05-09-2011, 07:56 AM   #1
spenser.w
LQ Newbie
 
Registered: May 2011
Posts: 6

Rep: Reputation: 0
Question Policies- i need help with this practice question before my exam!!!


HI EVERYONE, I NEED HELP WITH THIS POLICY AND CONTROLS PRACTICE QUESTION BEFORE MY EXAM. IF YOU COULD TELL ME THE COMMANDS TO HELP ME OUT I WOULD BE SO GRATEFUL. AS YOU CAN SEE, THE FORMATTING FOR THE NETWORK DIAGRAM IS AWFUL, BUT A ROUGH OUTLINE OF THE COMMANDS WOULD BE USEFUL. THANKS GUYS!


Code:
W
172.28.95.32/28
  --+------------+-------------+--         tap
    |            |             |           146.227.150.0/24
    |.42         |.41          |.46        +-----------------
 +-----+      +-----+       +-----+        |
 | m2  |      | m1  |       | m19 | .55    |
 +-----+      +-----+       |     |--------+
                            +-----+        |
X                                          |
172.28.96.64/26                            | .254     +----+ 146.227.2.1
  --+------------+-------------+--         +----------|gw1 |-- Internet ->>>
    |            |             |           |    (eth1)+----+(eth0)
    |.107        |.106         |.105       |
 +-----+      +-----+       +-----+        |
 | m7  |      | m6  |       | m5  | .56    |
 +-----+      +-----+       |     |--------+
                            +-----+        |
Y                                          |
172.28.97.168/29                           | .220     +-----+
  --+------------+-------------+--         +----------|dns1 |
    |            |             |           |          +-----+
    |.173        |.172   (eth0)|.171       |
 +-----+      +-----+       +-----+        |
 | m13 |      | m12 |       | m11 | .57    |
 +-----+      +-----+       |     |--------+
                            +-----+(eth1)  |
Z                                          |
172.28.98.128/25                           |
  --+------------+-------------+--         |
    |            |             |           |
    |.235        |.234         |.233       |
 +-----+      +-----+       +-----+        |
 | m17 |      | m16 |       | m15 | .58    |
 +-----+      +-----+       |     |--------+
                            +-----+        |

In the network diagram Fig B1, gw1 is an exterior firewall of an organisation, implemented in Linux. In the following descriptions:
- "inbound" refers to traffic arriving from the Internet, to gw1 on eth0.
- "outbound" refers to traffic leaving for the Internet, from gw1 on eth0.
Organisational policy includes the following statements:
- only machine dns1 may make outbound DNS requests (UDP port 53) to the Internet and get back the associated replies.
- no other inbound or outbound UDP traffic is permitted.
Using the "iptables" instruction, construct firewall rules to implement controls that will enforce these policy statements. Note that for the purposes of this exam question, it is acceptable (even desirable) to lay each rule out on several lines where each line represents a logical chunk within the overall rule. Leave a blank line between each rule.

Last edited by spenser.w; 05-09-2011 at 09:49 AM.
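
Added example, not part of the original thread: one way to express the two UDP policy statements on gw1 as iptables rules, laid out one logical chunk per line as the question asks. It assumes dns1 is 146.227.150.220 (the .220 host on 146.227.150.0/24 in the diagram) and that no earlier rule in these chains already accepts UDP; `IPT` and `udp_policy` are names introduced here.

```shell
#!/bin/sh
# Added example: UDP policy for gw1 from the exam question above.

DNS1=146.227.150.220   # assumption: dns1 is the .220 host on 146.227.150.0/24
EXT_IF=eth0            # gw1 interface facing the Internet
INT_IF=eth1            # gw1 interface facing the organisation

# Dry run by default: the rules are printed, not installed.
# Run as root with IPT=iptables to apply them.
IPT=${IPT:-echo iptables}

udp_policy() {
    # Rule 1: dns1 may send DNS queries (UDP/53) out to the Internet.
    $IPT -A FORWARD -i "$INT_IF" -o "$EXT_IF" -p udp \
         -s "$DNS1" --dport 53 \
         -m conntrack --ctstate NEW,ESTABLISHED \
         -j ACCEPT

    # Rule 2: only replies that belong to one of those queries come back.
    $IPT -A FORWARD -i "$EXT_IF" -o "$INT_IF" -p udp \
         -d "$DNS1" --sport 53 \
         -m conntrack --ctstate ESTABLISHED \
         -j ACCEPT

    # Rule 3: every other forwarded UDP packet arriving on eth0 is dropped.
    $IPT -A FORWARD -i "$EXT_IF" -p udp \
         -j DROP

    # Rule 4: every other forwarded UDP packet leaving on eth0 is dropped.
    $IPT -A FORWARD -o "$EXT_IF" -p udp \
         -j DROP

    # Rule 5: UDP addressed to gw1 itself from the Internet is dropped.
    $IPT -A INPUT -i "$EXT_IF" -p udp \
         -j DROP

    # Rule 6: UDP originated by gw1 itself towards the Internet is dropped.
    $IPT -A OUTPUT -o "$EXT_IF" -p udp \
         -j DROP
}

udp_policy
```

Order matters because `-A` appends: the two ACCEPT rules must sit ahead of the DROP rules in FORWARD, and `iptables -L -n -v` shows the resulting order and per-rule packet counters.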
 
Old 05-09-2011, 08:07 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985
Sorry, no. We aren't here to do your work for you, especially given the state of what you've posted. You need to ask specific targeted questions, not just cut and paste entire things in here.

btw, see that rectangular button near your little finger on your left hand? The one with "Caps Lock" written on it? Press it.
 
Old 05-09-2011, 09:21 AM   #3
spenser.w
LQ Newbie
 
Registered: May 2011
Posts: 6

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by acid_kewpie
Sorry, no. We aren't here to do your work for you, especially given the state of what you've posted. You need to ask specific targeted questions, not just cut and paste entire things in here.

btw, see that rectangular button near your little finger on your left hand? The one with "Caps Lock" written on it? Press it.
Well, as it's a question, I thought a genuine, non-selfish, kind person would be able to help me with this question to put me on the right tracks. As I clearly did state, I am aware the diagram is messy. But in all respects, I'm just looking for some basic Linux commands relating to iptables that set networking policies. Clearly 'acid_kewpie' you either have no idea how to answer this question or you're just an inconsiderate nerd that likes to demoralise people. Caps Lock? no shit, you're just full of wisdom.
 
Old 05-09-2011, 09:30 AM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985
Start by editing your post and putting "[code]" tags around the network layout and it might start making some sense.
 
Old 05-09-2011, 09:49 AM   #5
sycamorex
LQ Veteran
 
Registered: Nov 2005
Location: London
Distribution: Slackware64-current
Posts: 5,836
Blog Entries: 1

Rep: Reputation: 1251
Quote:
But in all respects, I'm just looking for some basic Linux commands relating to iptables that set networking policies.
Have you tried reading iptables tutorials, eg: http://wiki.centos.org/HowTos/Network/IPTables

Not providing you with answers is not being selfish. You'll benefit much more if you research the problem yourself (read tutorials/documentation) and ask specific questions when you're stuck at some point.


When you enter a community like Linuxquestions, it'd be advisable to respect its rules. Have a look at:
http://www.catb.org/~esr/faqs/smart-questions.html
Quote:
Clearly 'acid_kewpie' you either have no idea how to answer this question or you're just an inconsiderate nerd that likes to demoralise people. Caps Lock? no shit, you're just full of wisdom.
Having an unjustified go at an LQ member (especially a moderator) will not help you get a response.
 
Old 05-09-2011, 10:01 AM   #6
spenser.w
LQ Newbie
 
Registered: May 2011
Posts: 6

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by sycamorex
Have you tried reading iptables tutorials, eg: http://wiki.centos.org/HowTos/Network/IPTables

Not providing you with answers is not being selfish. You'll benefit much more if you research the problem yourself (read tutorials/documentation) and ask specific questions when you're stuck at some point.


When you enter a community like Linuxquestions, it'd be advisable to respect its rules. Have a look at:
http://www.catb.org/~esr/faqs/smart-questions.html

Having an unjustified go at an LQ member (especially a moderator) will not help you get a response.
It's hardly unjustified, is it? If an LQ member (in this case a moderator) feels that it is their duty to patronize people trying to progress in their life, by making unnecessary remarks, then you tell me what is justifiable? A clear and simple answer could have been given without being facetious... But as I got some information from the moderator to tidy up my enquiry I am grateful, and this is the sort of good communication I was expecting.
 
Old 05-09-2011, 10:06 AM   #7
spenser.w
LQ Newbie
 
Registered: May 2011
Posts: 6

Original Poster
Rep: Reputation: 0
Thank you for the link. This is useful to me and non-patronizing, this is all I wanted. I may be new to this site but I am sure familiar with forums and didn't expect this LQ's.
 