Application Security - Task failed

Hello guys,

Task regarding application security, in which we have to create rules in the iptables firewall to allow all traffic to Nginx and deny all to Apache.

I think I did it correctly, but still the task failed.

Can anyone please help me understand where I went wrong or what I missed here?

Thank you in advance.

Hi!

Did you make rules permanent as well?

Hello,

Yes I made the rules permanent.

Because you restarted the iptables service instead of saving.

Hello @Tej-Singh-Rana,

First I saved iptables with iptables-save, and after that I restarted the service.

So, rules should be permanent.

Waiting for your reply.

Thanks

@Inderpreet Can you please check this and clear my doubt?

Thank you

@Priyanshu
When you simply run the iptables-save command, you have to provide the file path to save the rules into; otherwise it will just display the output on stdout.

Either you should have provided the /etc/sysconfig/iptables file path, or you could simply use service iptables save, which saves the rules in the /etc/sysconfig/iptables file.

@Inderpreet Thank you for clearing my doubt.

Hello Team,

I got this task failed with the error below:
Either firewall rule was not added for Apache port (5004) or rule was not permanently added on Backup server.

I used the commands below for the same:

iptables -A OUTPUT -p tcp --dport 5004 -j DROP
iptables -A INPUT -p tcp --dport 8098 -j ACCEPT
service iptables save
service iptables restart
chkconfig iptables on

My Nginx port was there in the config, but not the one for Apache.

@Sidharth I think you were also asked to open the Apache port for the LBR host, which seems to be missing?

Hello @Inderpreet, I am not sure if it was asked, but as far as I remember it is only for the backup server. Is it possible for me to re-do this task?

Also, if you see, that error is also only for the backup server, not for the LBR.

@Sidharth As I checked the question, it was asked to open the Apache port for the LBR host. The error mentions the backup server because all rules needed to be added on the backup server. You will get this task again sometime in the future, as you will be getting some repeated tasks for practice.
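Following on from the two points raised above (iptables-save only persists if its output lands in /etc/sysconfig/iptables, and the Apache port must also be allowed for the LBR host), here is an added Python check that is not code from the thread: it parses a saved ruleset in the /etc/sysconfig/iptables format and reports whether the Nginx ACCEPT, the Apache DROP and the Apache ACCEPT from the LBR host are present in the INPUT chain and in an order that works. The ports are the ones from the thread; the LBR address is an assumed placeholder.

```python
"""Check a saved iptables ruleset (the /etc/sysconfig/iptables format written by
iptables-save or 'service iptables save') against what this task asked for.
Added example, not from the thread; LBR_HOST is a constructed placeholder."""
import re

# Constructed sample reproducing the saved form of the commands posted above.
# iptables-save rewrites "-p tcp --dport N" as "-p tcp -m tcp --dport N".
SAVED = """\
# Generated by iptables-save
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 8098 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 5004 -j DROP
COMMIT
"""
LBR_HOST = "172.16.238.14"  # placeholder, not an address from the thread

RULE_RE = re.compile(r"^-A (?P<chain>\S+)(?: -s (?P<src>\S+))?.*?--dport (?P<port>\d+)"
                     r".*? -j (?P<target>\S+)$")

def parse_rules(text):
    """Return (chain, source, dport, target) for each *filter rule, in file order."""
    rules, in_filter = [], False
    for line in text.splitlines():
        if line.startswith("*"):
            in_filter = line == "*filter"      # rules for other tables are ignored
        elif in_filter and line.startswith("-A "):
            m = RULE_RE.match(line)
            if m:
                src = m["src"].split("/")[0] if m["src"] else None  # strip the /32
                rules.append((m["chain"], src, int(m["port"]), m["target"]))
    return rules

def check_ruleset(text, nginx_port=8098, apache_port=5004, lbr=LBR_HOST):
    """Return a list of problems; an empty list means the saved rules match the task."""
    inbound = [r for r in parse_rules(text) if r[0] == "INPUT"]
    problems = []
    if not any(r[2] == nginx_port and r[3] == "ACCEPT" for r in inbound):
        problems.append(f"no INPUT ACCEPT for nginx port {nginx_port}")
    drop = next((i for i, r in enumerate(inbound)
                 if r[2] == apache_port and r[3] in ("DROP", "REJECT") and r[1] is None), None)
    allow = next((i for i, r in enumerate(inbound)
                  if r[2] == apache_port and r[3] == "ACCEPT" and r[1] == lbr), None)
    if drop is None:   # a rule in OUTPUT (as posted above) does not filter incoming traffic
        problems.append(f"no INPUT DROP for Apache port {apache_port}")
    if allow is None:
        problems.append(f"no INPUT ACCEPT for Apache port {apache_port} from LBR host {lbr}")
    elif drop is not None and drop < allow:  # iptables stops at the first matching rule
        problems.append("LBR ACCEPT comes after the DROP, so it never matches")
    return problems
```

After `service iptables save`, run `check_ruleset(open('/etc/sysconfig/iptables').read())` on the backup server to confirm the rules were actually persisted in the file and not only loaded in the running kernel.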

I had posted my problem here:

I have the same response: failed.
I should mention that I accept only ports 22 and 8091 for both IPv4 and IPv6 and reject all other ports, as you can see from /etc/sysconfig/iptables and …/ip6tables.
Only ports 22 and 8091 are accepted; all others are DROP.
Is it a wrong solution?

Is it possible to receive an answer to my request?

Is it possible to use firewall-cmd to complete this task?