Application Security - Task failed

Hello guys,

Task regarding the application security in which we have to create rules in firewall iptable to allow all traffic in Nginx and deny all in apache.

I think I did it correctly but still, the task failed.

Can anyone please help me understanding where I did wrong or what I missed here?

Thank-you in advance.

Hi!

Did you make rules permanent as well?

Hello,

Yes I made the rules permanent.

because you have restarted the service of iptables instead of save.

Hello @player001,

First I saved the service iptables with iptables-save and after that, I restarted the service.

So, rules should be permanent.

Waiting for your revert.

Thanks

@Inderpreet Can you please check this and clear my doubt?

Thank you

@Priyanshu
When you simply run iptables-save command you have to provide the file path to save rules into otherwise it will just display the output in stdout.

Either you should have provided /etc/sysconfig/iptables file path or you could simply use service iptables save which saves rules in /etc/sysconfig/iptables file.

@Inderpreet Thank you for the clearing my doubt.

Hello Team,

I got this task failed with below error
Either firewall rule was not added for Apache port (5004) or rule was not permanently added on Backup server.

I used below command for same

iptables -A OUTPUT -p tcp --dport 5004 -j DROP
iptables -A INPUT -p tcp --dport 8098 -j ACCEPT
service iptables save
service iptables restart
chkconfig iptables on

My nginx port was there in config but not for apache.

@Sidharth I think you were also asked to open Apache port for LBR host ? which seems missing.

Hello @Inderpreet I am not sure if it was asked but as much I remember its only for backup server.Is it possible if I can re-do this task ?

Also , If you see that error is also only for backup server not for LBR

@Sidharth as I checked the question it was asked to open Apache port for LBR host, the error is mentioning about backup server because all rules were needed to be added on backup server. You will get this task again sometime in future as you will be getting some repeated tasks for practice.

I’d posted here my problem:

I have the same resolve response - failed.
I mention that I accept only ports 22 and 8091 for both ip4 and ip6 and reject all other ports, as you can see from /etc/sysconfig/iptables and …/ip6tables.
Only ports 22 and 8091 are accepted, all others are DROP.
It’s a wrong solution?

Is it possible to receive an answer to my request?