
Firewall basics (ufw, iptables) in Linux CLI - Practice Problems & Coding Challenges

Challenge - 5 Problems
💻 Command Output
intermediate
What is the output of this UFW status command?
You run the command sudo ufw status verbose on a Linux server with these rules enabled:

- Allow SSH (port 22)
- Deny all incoming by default

What will the output show?
A
Status: inactive
B
Status: active
Logging: on (low)
Default: allow (incoming), allow (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
22                         DENY IN     Anywhere
C
Status: active
Logging: off
Default: allow (incoming), deny (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
22                         ALLOW IN    Anywhere
D
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22                         ALLOW IN    Anywhere
💡 Hint
Think about the default policies and what rules you added.
💻 Command Output
intermediate
What does this iptables command do?
You run this command:

sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT

What is the effect on the firewall?
A. It blocks all incoming TCP traffic on port 80.
B. It allows incoming TCP traffic on port 80 (HTTP).
C. It allows outgoing TCP traffic on port 80.
D. It deletes existing rules for port 80.
💡 Hint
Look at the chain, protocol, port, and action.
🔧 Debug
advanced
Why does this iptables rule cause an error?
You try to run:

sudo iptables -A INPUT -p tcp --dport ssh -j ACCEPT

But it returns an error. Why?
A. The chain 'INPUT' does not exist.
B. The protocol 'tcp' is invalid for port 'ssh'.
C. The port name 'ssh' is not recognized; port numbers must be used.
D. The jump target 'ACCEPT' is misspelled.
💡 Hint
Check if iptables accepts service names or only numbers for ports.
🚀 Application
advanced
Create a UFW rule to allow HTTPS only from a specific IP
You want to allow incoming HTTPS (port 443) traffic only from IP 192.168.1.100 using UFW.

Which command achieves this?
A. sudo ufw allow from 192.168.1.100 to any port 443 proto tcp
B. sudo ufw allow 443 from 192.168.1.100
C. sudo ufw allow to 192.168.1.100 port 443
D. sudo ufw deny from 192.168.1.100 to any port 443
💡 Hint
Think about specifying source IP, destination port, and protocol.
🧠 Conceptual
expert
What is the effect of this iptables command sequence?
Consider these commands run in order:

1. sudo iptables -P INPUT DROP
2. sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
3. sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT

What is the overall effect on incoming traffic?
A. All incoming traffic is blocked except established connections and new SSH connections on port 22.
B. All incoming traffic is allowed including SSH and established connections.
C. All incoming traffic is blocked including SSH and established connections.
D. Only SSH traffic is allowed; all other traffic is blocked.
💡 Hint
Look at the default policy and the rules allowing specific traffic.