OPS335 Lab 2 draft

613 bytes added, 12:18, 22 January 2016
no edit summary
===Confirm Default vs Updated Firewall Rules for VMs===
You should have learned in OPS235 how to view existing iptables rules with the command '''iptables -L'''. Although you may assume that this listing of rules should be empty, it may not be! There might be default rules that already exist, or that exist when the firewall is reset to default (i.e. '''iptables -F'''). In fact, several rules were '''automatically added''' to your chains because you are using a '''virtual network'''. As an exercise, we will determine which of those rules were added when running a virtual network.

'''Perform the Following Steps:'''
# Run '''iptables -L''' but redirect the output to a text file called '''before.txt''' (you will be using this file later).
# Shut down all of your VMs.
# Stop the '''libvirtd''' service.
# Restart the '''iptables''' service.
# Re-issue the '''iptables -L''' command, making certain to redirect the output to a second file ('''after.txt'''). This should provide a listing of the new state of your firewall settings. Use a different, but appropriate, file name.
# You should now have two text files representing the <u>before</u> and <u>after</u> states of your firewall. Compare the differences between these two files using the '''diff''' command (you should have used this tool in ULI101). The command-line tool '''diff''' takes some time to get used to, but it is used a lot in the industry.
# Run '''diff -u before.txt after.txt''' and figure out how to read the output.<br><br>'''TIP:''' You can also install a graphical tool that makes it much easier to see differences: '''kompare before.txt after.txt'''<br><br>
# You can use these tools to compare any two text files; they often come in handy. For the purpose of this lab, notice that some iptables rules are added automatically by the libvirtd service.
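
The script below is an added example, not part of the original lab. It shows how to read the '''diff -u''' output from the steps above by listing, per chain, the rules that appear only in the "before" listing. Both listings are constructed samples, and the helper name <code>rules_only_in_before</code> is hypothetical.

```shell
#!/bin/sh
# Added example; both listings are constructed samples, not real lab output.
workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT

# before.txt: `iptables -L` taken while libvirtd is running (constructed).
cat > "$workdir/before.txt" <<'EOF'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootps
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  192.168.122.0/24     anywhere
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited
EOF

# after.txt: libvirtd stopped and the iptables service restarted (constructed).
cat > "$workdir/after.txt" <<'EOF'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited
EOF

# rules_only_in_before BEFORE AFTER
# In unified diff output a leading "-" marks a line found only in BEFORE,
# "+" a line found only in AFTER, and a space an unchanged context line.
# -U 1000 keeps every "Chain" header in the context, so each rule can be
# reported together with the chain it belongs to.
rules_only_in_before() {
    diff -U 1000 "$1" "$2" | awk '
        /^(---|\+\+\+|@@)/ { next }             # skip file and hunk headers
        /^.Chain /         { chain = $2; next } # remember the current chain
        /^-/               { sub(/^-/, ""); gsub(/ +/, " "); print chain ": " $0 }
    '
}

rules_only_in_before "$workdir/before.txt" "$workdir/after.txt"
```

On a real host, pass your own '''before.txt''' and '''after.txt''' to the function; every line it prints is a rule that was present only while libvirtd was running.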