Hands-on lab for firewalld commands


By completing this lab, you'll get some practice with basic firewalld commands:

  1. Log in to either your CentOS 7 or CentOS 8 virtual machine and run the following commands. Observe the output after each one:
     sudo firewall-cmd --get-zones
     sudo firewall-cmd --get-default-zone
     sudo firewall-cmd --get-active-zones
  2. Briefly view the man pages that deal with firewalld.zones:
     man firewalld.zones
     man firewalld.zone

     (Yes, there are two of them. One explains the zone configuration files, while the other explains the zones themselves.)

  3. Look at the configuration information for all of the available zones:
     sudo firewall-cmd --list-all-zones
  4. Look at the list of predefined services. Then, look at the information about the dropbox-lansync service:
     sudo firewall-cmd --get-services
     sudo firewall-cmd --info-service=dropbox-lansync
  5. Set the default zone to dmz. Look at the information concerning the zone, add the http and https services, and then look at the zone information again:
     sudo firewall-cmd --permanent --set-default-zone=dmz
     sudo firewall-cmd --permanent --add-service={http,https}
     sudo firewall-cmd --info-zone=dmz
     sudo firewall-cmd --permanent --info-zone=dmz
  6. Reload the firewall configuration and look at the zone information again. Also, look at the list of services that are being allowed:
     sudo firewall-cmd --reload
     sudo firewall-cmd --info-zone=dmz
     sudo firewall-cmd --list-services
  7. Permanently open port 10000/tcp and view the results:
     sudo firewall-cmd --permanent --add-port=10000/tcp
     sudo firewall-cmd --list-ports
     sudo firewall-cmd --reload
     sudo firewall-cmd --list-ports
     sudo firewall-cmd --info-zone=dmz
  8. Remove the port that you just added:
     sudo firewall-cmd --permanent --remove-port=10000/tcp
     sudo firewall-cmd --reload
     sudo firewall-cmd --list-ports
     sudo firewall-cmd --info-zone=dmz
  9. Add a rich language rule to block a geographic range of IPv4 addresses:
     sudo firewall-cmd --add-rich-rule='rule family="ipv4" source address="200.192.0.0/24" service name="http" drop'
  10. Block the host-redirect and network-redirect ICMP types:
     sudo firewall-cmd --add-icmp-block={host-redirect,network-redirect}
  11. Add the directive to log all dropped packets:
     sudo firewall-cmd --set-log-denied=all
  12. View both the runtime and permanent configurations and note the differences between them:
     sudo firewall-cmd --info-zone=public
     sudo firewall-cmd --info-zone=public --permanent
  13. Make the runtime configuration permanent and verify that it took effect:
     sudo firewall-cmd --runtime-to-permanent
     sudo firewall-cmd --info-zone=public --permanent
  14. On CentOS 7, you can view the complete list of effective firewall rules by using the following command:
     sudo iptables -L
  15. On CentOS 8, you can view the complete list of effective firewall rules by using the following command:
     sudo nft list ruleset
  16. Create the direct rules in order to block invalid packets from the mangle table's PREROUTING chain:
     sudo firewall-cmd --direct --add-rule ipv4 mangle PREROUTING 0 -m conntrack --ctstate INVALID -j DROP
     sudo firewall-cmd --direct --add-rule ipv4 mangle PREROUTING 1 -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
     sudo firewall-cmd --direct --add-rule ipv6 mangle PREROUTING 0 -m conntrack --ctstate INVALID -j DROP
     sudo firewall-cmd --direct --add-rule ipv6 mangle PREROUTING 1 -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
  17. Verify that the rules took effect and make them permanent:
     sudo firewall-cmd --direct --get-rules ipv4 mangle PREROUTING
     sudo firewall-cmd --direct --get-rules ipv6 mangle PREROUTING
     sudo firewall-cmd --runtime-to-permanent
  18. View the contents of the direct.xml file that you've just created:
     sudo less /etc/firewalld/direct.xml
  19. Perform XMAS Nmap scans for both IPv4 and IPv6 against the virtual machine. Then, observe which rule was triggered by the scan:
     sudo nmap -sX ipv4_address_of_CentOS-VM
     sudo nmap -6 -sX ipv6_address_of_CentOS-VM
     sudo iptables -t mangle -L -v
     sudo ip6tables -t mangle -L -v
  20. Repeat step 19, but this time with a Windows scan:
     sudo nmap -sW ipv4_address_of_CentOS-VM
     sudo nmap -6 -sW ipv6_address_of_CentOS-VM
     sudo iptables -t mangle -L -v
     sudo ip6tables -t mangle -L -v
  21. View the list of man pages for firewalld:
     apropos firewall
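
To make "observe which rule was triggered" in the two scan steps less dependent on eyeballing counters, the following added example (not part of the original lab) compares two saved snapshots of `sudo iptables -t mangle -L -v -n -x` and lists only the rules whose packet counter grew. The function names, the chain name, and the sample counters are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the lab): list rules whose packet counter grew
# between two snapshots taken with: sudo iptables -t mangle -L -v -n -x
# Rules are matched by chain and position, so the ruleset must not change
# between the two snapshots.

# rule_deltas BEFORE_FILE AFTER_FILE
# Prints: <chain> <rule-number> <packet-delta> <rule text>
rule_deltas() {
    awk '
        $1 == "Chain" { chain = $2; n = 0; next }   # new chain, restart numbering
        $1 == "pkts" || NF == 0 { next }            # column header or blank line
        {
            n++
            key = chain SUBSEP n
            if (FILENAME == ARGV[1]) { before[key] = $1; next }
            delta = $1 - before[key]
            if (delta > 0) {
                spec = $3
                for (i = 4; i <= NF; i++) spec = spec " " $i
                print chain, n, delta, spec
            }
        }
    ' "$1" "$2"
}

# Constructed sample snapshots; the counters are illustrative, not real scan results.
demo() {
    b=$(mktemp); a=$(mktemp)
    cat > "$b" <<'EOF'
Chain PREROUTING (policy ACCEPT 120 packets, 9000 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
       0        0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:!0x17/0x02 ctstate NEW
EOF
    cat > "$a" <<'EOF'
Chain PREROUTING (policy ACCEPT 135 packets, 10200 bytes)
    pkts      bytes target     prot opt in     out     source               destination
    2000    80000 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
       0        0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:!0x17/0x02 ctstate NEW
EOF
    rule_deltas "$b" "$a"
    rm -f "$b" "$a"
}

demo
```

On the lab VM, save one snapshot to a file before the scan and one after it, then pass both files to `rule_deltas`; the same approach works for `ip6tables`.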

That's the end of the lab – congratulations!
