Quiz: Firewalls
3 questions
L1 (2 questions)
1. What is the difference between iptables DROP and REJECT?
Show answer
DROP silently discards the packet: the sender gets nothing back and eventually times out. REJECT also discards the packet but sends an error to the sender: by default an ICMP port-unreachable (the client typically reports 'connection refused'), or a TCP RST if the rule uses --reject-with tcp-reset. DROP reveals less to an outside scanner (a filtered port looks the same as a dead host) and makes the scanner wait out its retries; REJECT is friendlier on internal networks because clients fail fast instead of hanging.
2. How do you troubleshoot a firewall blocking traffic on Linux?
Show answer
1. iptables -L -n -v (or nft list ruleset) to see the rules and their packet/byte counters; a DROP or REJECT rule whose counter climbs while you retry the connection is the culprit. Note that nftables rules only count if they carry a counter statement.
2. Check the output of a LOG target (it goes to the kernel log: dmesg or journalctl -k) or an nftables log statement to see which packets are being dropped; if there is no logging, insert a LOG rule just before the suspected DROP.
3. Temporarily add an ACCEPT rule for the traffic at the top of the chain, so it matches first, to confirm the firewall is the issue; remove it afterwards.
4. If in the cloud, also check security groups / NACLs: they are enforced outside the host and never show up in iptables.
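The first step of that procedure, reading the counters, is tedious on a long ruleset. The helper below is an added example written for this quiz, not code from the original page: a hypothetical find_dropping_rules function that reads `iptables -L -n -v` output and prints every DROP/REJECT rule, and every DROP/REJECT chain policy, that has actually matched packets. The sample output it runs on is constructed, not captured from a real host.

```shell
#!/bin/sh
# Added example (not from the original page): scan `iptables -L -n -v` output
# and report every DROP/REJECT rule, and every DROP/REJECT chain policy, whose
# packet counter is non-zero. Feed it live output with:
#   iptables -L -n -v | find_dropping_rules
find_dropping_rules() {
    awk '
        /^Chain / {
            chain = $2
            # "Chain INPUT (policy DROP 9 packets, 540 bytes)": the policy
            # counters count packets that fell through to the default verdict.
            if ($3 == "(policy" && ($4 == "DROP" || $4 == "REJECT") && $5 + 0 > 0)
                print chain " policy " $4 " matched " $5 " packets"
            next
        }
        $1 == "pkts" { next }   # column header line under each Chain line
        NF == 0 { next }        # blank separator line between chains
        ($3 == "DROP" || $3 == "REJECT") && $1 + 0 > 0 {
            # columns 4..NF are the match (proto, interfaces, src, dst, extras)
            rule = ""
            for (i = 4; i <= NF; i++) rule = rule (i > 4 ? " " : "") $i
            print chain ": " $3 " " $1 " packets: " rule
        }
    '
}

# Constructed sample output in the format `iptables -L -n -v` prints (not
# captured from a real host). Only INPUT is dropping anything here.
SAMPLE_IPTABLES='Chain INPUT (policy DROP 9 packets, 540 bytes)
 pkts bytes target     prot opt in     out     source               destination
 1234 98765 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
   42  2520 DROP       tcp  --  *      *       10.0.0.0/8           0.0.0.0/0            tcp dpt:22
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443
   17  1020 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8080 reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0'

printf '%s\n' "$SAMPLE_IPTABLES" | find_dropping_rules
```

On a live box, run `iptables -Z` to zero the counters, reproduce the failing connection, then pipe `iptables -L -n -v` through the function: the only rule that reports packets is the one eating your traffic. A reported chain policy with no matching rule means nothing explicitly accepted the packet and the default verdict dropped it, which is the case to fix with a targeted ACCEPT rather than by changing the policy.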
L2 (1 question)
1. A service works from one host but not another. Both are on the same subnet. What do you check?
Show answer
1. Host firewall rules differ (iptables/nftables on the target): compare the rulesets (iptables-save or nft list ruleset) of the working and failing hosts rather than eyeballing one of them.
2. Source-based rules (only certain source IPs allowed): the working host's address matches an ACCEPT rule and the other's doesn't.
3. SELinux or AppArmor blocking the port: look for SELinux denials with ausearch -m avc (or in /var/log/audit/audit.log) and check the port's label with semanage port -l; AppArmor denials show up in the kernel log as apparmor="DENIED".
4. Network policies (in K8s), which are enforced by pod and namespace labels, so two pods on the same node subnet can still be treated differently.
5. tcpdump on both sides: if the packets leave the client and arrive at the server but get no reply, the drop is on the server (host firewall or LSM); if they never arrive, the problem is somewhere in between (security groups, NACLs, an intermediate firewall).
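For the first check, a raw diff of two hosts' `iptables-save -c` dumps is mostly noise, because the timestamps in the comment lines and the per-rule [packets:bytes] counters differ on every host. The script below is an added example for this quiz, not code from the original page: a hypothetical normalize_ruleset / diff_rulesets pair that strips those before diffing, run on two constructed rulesets where host B only accepts SSH from one /24 and host A accepts it from anywhere.

```shell
#!/bin/sh
# Added example (not from the original page): compare the host firewall
# rulesets of two machines by normalising `iptables-save -c` output before
# diffing it. The "# Generated by" / "# Completed on" timestamps and the
# per-rule and per-policy [packets:bytes] counters differ on every host, so
# strip them first.
normalize_ruleset() {
    sed -e '/^#/d' \
        -e 's/^\[[0-9]*:[0-9]*\] //' \
        -e 's/ \[[0-9]*:[0-9]*\]$//'
}

# diff_rulesets FILE_A FILE_B: print rules present on only one host
# ("<" = first host, ">" = second). Exit status is diff's: 0 identical, 1 differ.
diff_rulesets() {
    na=$(mktemp); nb=$(mktemp)
    normalize_ruleset < "$1" > "$na"
    normalize_ruleset < "$2" > "$nb"
    diff "$na" "$nb"
    rc=$?
    rm -f "$na" "$nb"
    return $rc
}

# Constructed iptables-save -c output for two hosts (not captured from real
# machines). Host B only accepts SSH from 10.0.1.0/24, host A from anywhere.
HOST_A_RULES='# Generated by iptables-save v1.8.7 on Mon Jan  1 10:00:00 2024
*filter
:INPUT DROP [12:720]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
[100:6000] -A INPUT -i lo -j ACCEPT
[50:3000] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
[20:1200] -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
[5:300] -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
# Completed on Mon Jan  1 10:00:00 2024'
HOST_B_RULES='# Generated by iptables-save v1.8.7 on Mon Jan  1 10:02:13 2024
*filter
:INPUT DROP [98:5880]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
[90:5400] -A INPUT -i lo -j ACCEPT
[41:2460] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
[3:180] -A INPUT -s 10.0.1.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
[7:420] -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
# Completed on Mon Jan  1 10:02:13 2024'

a=$(mktemp); b=$(mktemp)
printf '%s\n' "$HOST_A_RULES" > "$a"
printf '%s\n' "$HOST_B_RULES" > "$b"
diff_rulesets "$a" "$b" || echo "rulesets differ (see lines above)"
rm -f "$a" "$b"
```

In practice collect the inputs with `ssh hostA 'iptables-save -c' > a.txt` and the same for the other host; the only lines the diff then prints are real rule differences, here the `-s 10.0.1.0/24` restriction on host B's SSH rule, which is exactly the source-based rule in check 2.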