Which of the following commands will enforce this rule?

A DevOps engineer needs to allow incoming traffic to ports in the range of 4000 to 5000 on a Linux server.

Which of the following commands will enforce this rule?
A . iptables -f filter -I INPUT -p tcp –dport 4000:5000 -A ACCEPT
B . iptables -t filter -A INPUT -p tcp –dport 4000:5000 -j ACCEPT
C . iptables filter -A INPUT -p tcp –dport 4000:5000 -D ACCEPT
D . iptables filter -S INPUT -p tcp –dport 4000:5000 -A ACCEPT

View Answer

Answer: B

Explanation:

The command iptables -t filter -A INPUT -p tcp –dport 4000:5000 -j ACCEPT will enforce the rule of allowing incoming traffic to ports in the range of 4000 to 5000 on a Linux server.

The iptables command is a tool for managing firewall rules on Linux systems. The -t option specifies the table to operate on, in this case filter, which is the default table that contains the rules for filtering packets. The -A option appends a new rule to the end of a chain, in this case INPUT, which is the chain that processes the packets that are destined for the local system. The -p option specifies the protocol to match, in this case tcp, which is the transmission control protocol. The –dport option specifies the destination port or port range to match, in this case 4000:5000, which is the range of ports from 4000 to 5000. The -j option specifies the target to jump to if the rule matches, in this case ACCEPT, which is the target that allows the packet to pass through. The command iptables -t filter -A INPUT -p tcp –dport 4000:5000 -j ACCEPT will add a new rule to the end of the INPUT chain that will accept the incoming TCP packets that have a destination port between 4000 and 5000. This command will enforce the rule and allow the traffic to the specified ports. This is the correct command to use to accomplish the task. The other options are incorrect because they either use the wrong options (-f instead of -t or -D instead of -A) or do not exist (iptables filter -A INPUT -p tcp — dport 4000:5000 -D ACCEPT or iptables filter -S INPUT -p tcp –dport 4000:5000 -A ACCEPT).

Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 18: Securing Linux Systems, page 543.