LFS211 - Lab 15.2 Step 11 - iptables command clarification

Hello,

Step 11 in the 15.2 lab solution states this (emphasis mine):

Add an iptables rule to reject new connections on port 4200. If there is an established connection, it should continue to work

The iptables command line then looks like this:

iptables -A INPUT -p tcp -m tcp --dport 4200 -m state --state ESTABLISHED -j REJECT

If it's to reject new packets, should it not look like this?

iptables -A INPUT -p tcp -m tcp --dport 4200 -m state --state NEW -j REJECT

Thanks,
/Henrik

Comments

  • Hi @HenrikAreskoug ,

    Yes, there is a mistake, but it's Lab 15.1. In the exercise description it asks for the following:

    • Using iptables, block all established connections to port 4200.

    So in item 11 it does another thing: "Add an iptables rule to reject new connections on port 4200. If there is an established connection, it should continue to work".

    So the statement in the solution is bad, as it should be the same as the description.

    Note: for LFS211 issues like this, it would be good to post in the associated forum, so Lee can see it directly:

    https://forum.linuxfoundation.org/categories/lfs211-class-forum

    Regards,
    Luis.
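To make the difference between the two rules concrete, here is an added example (not from the lab or from either post) that models iptables stateful matching in a few lines of Python and runs both rules against one pre-existing session plus one new connection attempt to port 4200. The connection tracker is a deliberate simplification (a flow counts as ESTABLISHED once an earlier packet of it was accepted), and the chain policy is assumed to be ACCEPT.

```python
# Added example: a toy model of iptables "-m state" matching, used to show why
# "--state ESTABLISHED -j REJECT" kills the existing session on port 4200 while
# "--state NEW -j REJECT" does what the lab text asks for. Simplified conntrack:
# a flow is NEW until one of its packets is accepted, then ESTABLISHED.
from dataclasses import dataclass, field


@dataclass
class Rule:
    dport: int
    state: str    # "NEW" or "ESTABLISHED"
    target: str   # "ACCEPT" or "REJECT"


@dataclass
class Firewall:
    rules: list
    conntrack: set = field(default_factory=set)   # flows already accepted

    def classify(self, flow):
        return "ESTABLISHED" if flow in self.conntrack else "NEW"

    def handle(self, src_port, dport):
        """Return the verdict for one packet of flow (src_port -> dport)."""
        flow = (src_port, dport)
        state = self.classify(flow)
        for rule in self.rules:            # first matching rule wins
            if rule.dport == dport and rule.state == state:
                verdict = rule.target
                break
        else:
            verdict = "ACCEPT"             # assumed chain policy ACCEPT
        if verdict == "ACCEPT":
            self.conntrack.add(flow)
        return verdict


def run_scenario(rule):
    """Apply one rule to an already-established session and a fresh one."""
    fw = Firewall(rules=[rule])
    fw.conntrack.add((50000, 4200))   # constructed: session opened before rule
    existing = fw.handle(50000, 4200)  # next packet of the old session
    new = fw.handle(50001, 4200)       # brand-new connection attempt
    return existing, new


LAB_SOLUTION = Rule(4200, "ESTABLISHED", "REJECT")   # what step 11 shows
CORRECTED = Rule(4200, "NEW", "REJECT")              # what the text describes

if __name__ == "__main__":
    print("solution as written:", run_scenario(LAB_SOLUTION))  # ('REJECT', 'ACCEPT')
    print("corrected rule:    ", run_scenario(CORRECTED))      # ('ACCEPT', 'REJECT')
```

The first line shows the written solution doing the opposite of its description: the old session is rejected and new connections get through, whereas the NEW rule keeps the existing session alive and refuses new ones.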
