Grading Checklist

  • Uses iptables -L -v -n (with -n for numeric output) to inspect all chains.
  • Identifies the specific DROP rule in the OUTPUT chain blocking traffic to the payment gateway IP range.
  • Understands iptables rule evaluation order: rules are matched top-to-bottom, first match wins.
  • Recognizes that a broad DROP rule placed before a more specific ACCEPT rule causes the block.
  • Uses iptables -L -v -n --line-numbers to identify the exact rule number.
  • Demonstrates how to delete or reorder the offending rule.
  • Tests the fix with curl or telnet to the payment gateway.
  • Suggests using strace -e trace=network to confirm the connection failure at the syscall level.
  • Mentions checking the packet/byte counters on the DROP rule to confirm it is matching traffic.
  • Recommends persisting the fix with iptables-save or the appropriate persistence mechanism.
  • Notes that iptables rules are lost on reboot unless persisted.
  • Suggests implementing a change management process for firewall rules.
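The rule-order reasoning the checklist expects (first match wins, a broad DROP shadowing a later, more specific ACCEPT, counters confirming the hit, reordering as the fix) can be walked through offline. The following is an added example, not part of the original checklist: it parses a constructed `iptables -L OUTPUT -v -n --line-numbers` listing (the gateway addresses in 203.0.113.0/24 are documentation-range placeholders, not a real gateway) and simulates the kernel's top-to-bottom evaluation. Function names such as `first_match`, `find_shadowing_drop` and `move_rule` are this example's own, not iptables commands.

```python
import ipaddress
import re

# Constructed sample output of `iptables -L OUTPUT -v -n --line-numbers`.
# Rule 2 is the broad DROP; rule 3 is the specific ACCEPT it shadows.
SAMPLE_LISTING = """\
Chain OUTPUT (policy ACCEPT 1234 packets, 98765 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1     5000  400K ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0
2      312 18720 DROP       all  --  *      *       0.0.0.0/0            203.0.113.0/24
3        0     0 ACCEPT     tcp  --  *      eth0    0.0.0.0/0            203.0.113.10         tcp dpt:443
"""

_SUFFIX = {"K": 1_000, "M": 1_000_000, "G": 1_000_000_000}


def _count(text):
    """Turn an iptables counter such as '400K' into an integer."""
    if text[-1] in _SUFFIX:
        return int(text[:-1]) * _SUFFIX[text[-1]]
    return int(text)


def parse_listing(text):
    """Parse the numbered rule lines of an OUTPUT-chain listing into dicts."""
    rules = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 10 or not parts[0].isdigit():
            continue  # skip the 'Chain ...' and column-header lines
        num, pkts, nbytes, target, prot, _opt, _in, out, src, dst = parts[:10]
        dport = None
        for token in parts[10:]:
            m = re.match(r"dpt:(\d+)$", token)
            if m:
                dport = int(m.group(1))
        rules.append({
            "num": int(num), "pkts": _count(pkts), "bytes": _count(nbytes),
            "target": target, "prot": prot, "out": out,
            "src": ipaddress.ip_network(src, strict=False),
            "dst": ipaddress.ip_network(dst, strict=False),
            "dport": dport,
        })
    return rules


def rule_matches(rule, dst_ip, proto, dport, out_iface):
    """Does one rule match an outbound packet with these attributes?"""
    if rule["prot"] not in ("all", proto):
        return False
    if rule["out"] not in ("*", out_iface):
        return False
    if ipaddress.ip_address(dst_ip) not in rule["dst"]:
        return False
    if rule["dport"] is not None and rule["dport"] != dport:
        return False
    return True


def first_match(rules, dst_ip, proto="tcp", dport=443, out_iface="eth0", policy="ACCEPT"):
    """Evaluate top-to-bottom; the first matching rule decides (chain policy otherwise)."""
    for rule in rules:
        if rule_matches(rule, dst_ip, proto, dport, out_iface):
            return rule["num"], rule["target"]
    return None, policy


def find_shadowing_drop(rules, dst_ip, proto="tcp", dport=443, out_iface="eth0"):
    """Return (drop_num, accept_num) when a DROP precedes an ACCEPT that would also match."""
    drop_num = None
    for rule in rules:
        if not rule_matches(rule, dst_ip, proto, dport, out_iface):
            continue
        if rule["target"] == "DROP" and drop_num is None:
            drop_num = rule["num"]
        elif rule["target"] == "ACCEPT" and drop_num is not None:
            return drop_num, rule["num"]
    return drop_num, None


def counters_confirm_hit(rules, num):
    """Non-zero pkts on the suspect rule means it really is matching traffic."""
    return next(r["pkts"] for r in rules if r["num"] == num) > 0


def move_rule(rules, rule_num, new_position):
    """Simulate `iptables -D OUTPUT <rule_num>` then re-inserting the same rule
    at `iptables -I OUTPUT <new_position> ...`; rules are renumbered as iptables does."""
    moving = next(r for r in rules if r["num"] == rule_num)
    others = [r for r in rules if r["num"] != rule_num]
    others.insert(new_position - 1, dict(moving))
    return [dict(r, num=i) for i, r in enumerate(others, start=1)]


if __name__ == "__main__":
    rules = parse_listing(SAMPLE_LISTING)
    gateway = "203.0.113.10"
    print("verdict before fix:", first_match(rules, gateway))          # (2, 'DROP')
    print("shadowing DROP / shadowed ACCEPT:", find_shadowing_drop(rules, gateway))
    print("DROP counters show hits:", counters_confirm_hit(rules, 2))
    fixed = move_rule(rules, 3, 2)  # put the specific ACCEPT ahead of the broad DROP
    print("verdict after fix:", first_match(fixed, gateway))           # (2, 'ACCEPT')
```

The simulation mirrors what the real checks show: rule 2's packet counter is non-zero, so it is the rule eating the gateway traffic, and moving the specific ACCEPT above it changes the verdict without loosening anything else. On a real host the equivalent change is made with `iptables -D OUTPUT 3` and `iptables -I OUTPUT 2 ...` (or by deleting the DROP outright if it is not wanted), verified with curl against the gateway, and then persisted with `iptables-save` so it survives a reboot.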