UNIX Question and Answer – Firewall Configuration
UNIX MCQ – Multiple Choice Questions for exam, interview, and Entrance Test
1. What is the purpose of the OUTPUT chain in iptables?
a) To filter packets destined for the local system
b) To filter packets originating from the local system
c) To filter packets forwarded through the local system
d) To filter packets based on their destination IP address
Answer: b) To filter packets originating from the local system
Explanation: The OUTPUT chain in iptables is used to filter packets that are generated by the local system.
2. Which iptables rule is used to specify the source port?
a) –sport
b) –source-port
c) –src-port
d) –sourceport
Answer: a) –sport
Explanation: The –sport option in iptables rules is used to specify the source port.
3. What is the purpose of the FORWARD chain in iptables?
a) To filter packets destined for the local system
b) To filter packets originating from the local system
c) To filter packets forwarded through the local system
d) To filter packets based on their source IP address
Answer: c) To filter packets forwarded through the local system
Explanation: The FORWARD chain in iptables is used to filter packets that are forwarded through the local system.
4. Which command is used to block all incoming ICMP traffic (ping) in iptables?
a) iptables -A INPUT -p icmp –icmp-type echo-request -j REJECT
b) iptables -A INPUT -p icmp –icmp-type echo-request -j DROP
c) iptables -A INPUT -p icmp –icmp-type echo-reply -j REJECT
d) iptables -A INPUT -p icmp –icmp-type echo-reply -j DROP
Answer: b) iptables -A INPUT -p icmp –icmp-type echo-request -j DROP
Explanation: This rule blocks all incoming ICMP echo request (ping) packets by dropping them.
5. What is the purpose of the nat table in iptables?
a) To filter packets before routing decisions are made
b) To perform Network Address Translation
c) To filter packets before they are forwarded
d) To filter packets based on their source IP address
Answer: b) To perform Network Address Translation
Explanation: The nat table in iptables is used to perform Network Address Translation, such as source or destination address translation.
6. Which iptables command is used to list the current iptables rules in a specific chain in UNIX?
a) iptables-list-chain
b) iptables-show-chain
c) iptables -L <chain>
d) iptables -S <chain>
Answer: c) iptables -L <chain>
Explanation: The iptables -L <chain> command is used to list the current iptables rules in a specific chain in UNIX.
7. What is the purpose of the POSTROUTING chain in iptables?
a) To filter packets before routing decisions are made
b) To filter packets after routing decisions are made
c) To filter packets before they are forwarded
d) To filter packets after they are forwarded
Answer: d) To filter packets after they are forwarded
Explanation: The POSTROUTING chain in iptables is used to filter packets after they are forwarded.
8. Which iptables command is used to append a rule to the end of a specific chain?
a) iptables-append
b) iptables-add
c) iptables -A <chain>
d) iptables -E <chain>
Answer: c) iptables -A <chain>
Explanation: The iptables -A <chain> command is used to append a rule to the end of a specific chain in iptables.
9. What is the purpose of the PREROUTING chain in iptables?
a) To filter packets before routing decisions are made
b) To filter packets after routing decisions are made
c) To filter packets before they are forwarded
d) To filter packets before they reach the local system
Answer: a) To filter packets before routing decisions are made
Explanation: The PREROUTING chain in iptables is used to filter packets before routing decisions are made, typically for NAT or port forwarding.
10. Which iptables rule is used to specify the destination IP address?
a) –dest
b) –destination
c) –dst
d) –daddr
Answer: b) –destination
Explanation: The –destination option in iptables rules is used to specify the destination IP address.
11. What is the purpose of the MASQUERADE target in iptables?
a) To perform Network Address Translation
b) To silently discard packets
c) To reject packets with an ICMP error message
d) To log packets and then drop them
Answer: a) To perform Network Address Translation
Explanation: The MASQUERADE target in iptables is used to perform source address translation for outgoing packets.
12. Which iptables command is used to delete all rules in a specific chain?
a) iptables-flush
b) iptables-delete-chain
c) iptables-clear
d) iptables -F <chain>
Answer: d) iptables -F <chain>
Explanation: The iptables -F <chain> command is used to delete all rules in a specific chain in iptables.
13. What is the purpose of the LOG target in iptables?
a) To silently discard packets
b) To reject packets with an ICMP error message
c) To log packets
d) To log packets and then drop them
Answer: c) To log packets
Explanation: The LOG target in iptables is used to log matching packets to the system log.
14. Which command is used to enable IPv4 forwarding in UNIX?
a) sysctl -w net.ipv4.ip_forward=1
b) echo 1 > /proc/sys/net/ipv4/ip_forward
c) ip_forwarding=1
d) enable_ipv4_forwarding
Answer: a) sysctl -w net.ipv4.ip_forward=1
Explanation: The sysctl -w net.ipv4.ip_forward=1 command is used to enable IPv4 forwarding in UNIX.
15. What is the purpose of the SNAT target in iptables?
a) To perform Network Address Translation
b) To silently discard packets
c) To reject packets with an ICMP error message
d) To log packets and then drop them
Answer: a) To perform Network Address Translation
Explanation: The SNAT (Source NAT) target in iptables is used to perform source address translation for outgoing packets.
16. Which iptables rule is used to specify the source IP address?
a) –source
b) –src
c) –saddr
d) –src-address
Answer: b) –src
Explanation: The –src option in iptables rules is used to specify the source IP address.
17. What is the purpose of the REDIRECT target in iptables?
a) To perform port redirection
b) To silently discard packets
c) To reject packets with an ICMP error message
d) To log packets and then drop them
Answer: a) To perform port redirection
Explanation: The REDIRECT target in iptables is used to redirect packets to a different port on the local system.
18. Which iptables command is used to delete all user-defined chains?
a) iptables-delete-chains
b) iptables -X
c) iptables -Z
d) iptables-clear-chains
Answer: b) iptables -X
Explanation: The iptables -X command is used to delete all user-defined chains in iptables.
19. What is the purpose of the –limit option in iptables rules?
a) To limit the number of packets matched per second
b) To limit the number of packets matched per minute
c) To limit the number of packets matched per hour
d) To limit the number of packets matched per day
Answer: a) To limit the number of packets matched per second
Explanation: The –limit option in iptables rules is used to limit the rate at which packets are matched.
20. Which command is used to display the current status of IPv4 packet forwarding in UNIX?
a) sysctl net.ipv4.ip_forward
b) cat /proc/sys/net/ipv4/ip_forward
c) ip_forward_status
d) show_ipv4_forwarding
Answer: b) cat /proc/sys/net/ipv4/ip_forward
Explanation: The cat /proc/sys/net/ipv4/ip_forward command is used to display the current status of IPv4 packet forwarding in UNIX.
21. What is the purpose of the state module in iptables?
a) To match packets based on their state
b) To match packets based on their source IP address
c) To match packets based on their destination IP address
d) To match packets based on their port numbers
Answer: a) To match packets based on their state
Explanation: The state module in iptables is used to match packets based on their connection state, such as NEW, ESTABLISHED, RELATED, or INVALID.
22. Which iptables command is used to save the current iptables rules to a file in UNIX?
a) iptables-save
b) iptables-export
c) iptables-backup
d) iptables -S
Answer: a) iptables-save
Explanation: The iptables-save command is used to save the current iptables rules to a file in UNIX.
23. What is the purpose of the DNAT target in iptables?
a) To perform Network Address Translation
b) To silently discard packets
c) To reject packets with an ICMP error message
d) To log packets and then drop them
Answer: a) To perform Network Address Translation
Explanation: The DNAT (Destination NAT) target in iptables is used to perform destination address translation for incoming packets.
24. Which iptables rule is used to specify the source IP address?
a) –source
b) –src
c) –saddr
d) –src-address
Answer: b) –src
Explanation: The –src option in iptables rules is used to specify the source IP address.
25. What is the purpose of the ICMP target in iptables?
a) To allow ICMP traffic
b) To silently discard packets
c) To reject packets with an ICMP error message
d) To log packets and then drop them
Answer: c) To reject packets with an ICMP error message
Explanation: The ICMP target in iptables is used to reject packets with a specific ICMP error message.
26. Which iptables command is used to block all incoming SSH (port 22) traffic?
a) iptables -A INPUT -p tcp –dport 22 -j REJECT
b) iptables -A INPUT -p tcp –dport 22 -j DROP
c) iptables -A INPUT -p ssh -j REJECT
d) iptables -A INPUT -p ssh -j DROP
Answer: b) iptables -A INPUT -p tcp –dport 22 -j DROP
Explanation: This rule blocks all incoming SSH traffic by dropping packets.
27. What is the purpose of the FORWARD chain in iptables?
a) To filter packets destined for the local system
b) To filter packets originating from the local system
c) To filter packets forwarded through the local system
d) To filter packets based on their source IP address
Answer: c) To filter packets forwarded through the local system
Explanation: The FORWARD chain in iptables is used to filter packets that are forwarded through the local system.
28. Which iptables rule is used to specify the destination port?
a) –dport
b) –destination-port
c) –dst-port
d) –destport
Answer: a) –dport
Explanation: The –dport option in iptables rules is used to specify the destination port.
29. What is the purpose of the POSTROUTING chain in iptables?
a) To filter packets before routing decisions are made
b) To filter packets after routing decisions are made
c) To filter packets before they are forwarded
d) To filter packets after they are forwarded
Answer: d) To filter packets after they are forwarded
Explanation: The POSTROUTING chain in iptables is used to filter packets after they are forwarded.
30. Which iptables command is used to append a rule to the end of a specific chain?
a) iptables-append
b) iptables-add
c) iptables -A <chain>
d) iptables -E <chain>
Answer: c) iptables -A <chain>
Explanation: The iptables -A <chain> command is used to append a rule to the end of a specific chain in iptables.
31. What is the purpose of the PREROUTING chain in iptables?
a) To filter packets before routing decisions are made
b) To filter packets after routing decisions are made
c) To filter packets before they are forwarded
d) To filter packets before they reach the local system
Answer: a) To filter packets before routing decisions are made
Explanation: The PREROUTING chain in iptables is used to filter packets before routing decisions are made, typically for NAT or port forwarding.
32. Which iptables rule is used to specify the destination IP address?
a) –dest
b) –destination
c) –dst
d) –daddr
Answer: b) –destination
Explanation: The –destination option in iptables rules is used to specify the destination IP address.
33. What is the purpose of the MASQUERADE target in iptables?
a) To perform Network Address Translation
b) To silently discard packets
c) To reject packets with an ICMP error message
d) To log packets and then drop them
Answer: a) To perform Network Address Translation
Explanation: The MASQUERADE target in iptables is used to perform source address translation for outgoing packets.
34. Which iptables command is used to delete all rules in a specific chain?
a) iptables-flush
b) iptables-delete-chain
c) iptables-clear
d) iptables -F <chain>
Answer: d) iptables -F <chain>
Explanation: The iptables -F <chain> command is used to delete all rules in a specific chain in iptables.
35. What is the purpose of the LOG target in iptables?
a) To silently discard packets
b) To reject packets with an ICMP error message
c) To log packets
d) To log packets and then drop them
Answer: c) To log packets
Explanation: The LOG target in iptables is used to log matching packets to the system log.
36. Which command is used to enable IPv4 forwarding in UNIX?
a) sysctl -w net.ipv4.ip_forward=1
b) echo 1 > /proc/sys/net/ipv4/ip_forward
c) ip_forwarding=1
d) enable_ipv4_forwarding
Answer: a) sysctl -w net.ipv4.ip_forward=1
Explanation: The sysctl -w net.ipv4.ip_forward=1 command is used to enable IPv4 forwarding in UNIX.
37. What is the purpose of the SNAT target in iptables?
a) To perform Network Address Translation
b) To silently discard packets
c) To reject packets with an ICMP error message
d) To log packets and then drop them
Answer: a) To perform Network Address Translation
Explanation: The SNAT (Source NAT) target in iptables is used to perform source address translation for outgoing packets.
38. Which iptables rule is used to specify the source IP address?
a) –source
b) –src
c) –saddr
d) –src-address
Answer: b) –src
Explanation: The –src option in iptables rules is used to specify the source IP address.
39. What is the purpose of the REDIRECT target in iptables?
a) To perform port redirection
b) To silently discard packets
c) To reject packets with an ICMP error message
d) To log packets and then drop them
Answer: a) To perform port redirection
Explanation: The REDIRECT target in iptables is used to redirect packets to a different port on the local system.
40. Which iptables command is used to delete all user-defined chains?
a) iptables-delete-chains
b) iptables -X
c) iptables -Z
d) iptables-clear-chains
Answer: b) iptables -X
Explanation: The iptables -X command is used to delete all user-defined chains in iptables.
41. What is the purpose of the –limit option in iptables rules?
a) To limit the number of packets matched per second
b) To limit the number of packets matched per minute
c) To limit the number of packets matched per hour
d) To limit the number of packets matched per day
Answer: a) To limit the number of packets matched per second
Explanation: The –limit option in iptables rules is used to limit the rate at which packets are matched.
42. Which command is used to display the current status of IPv4 packet forwarding in UNIX?
a) sysctl net.ipv4.ip_forward
b) cat /proc/sys/net/ipv4/ip_forward
c) ip_forward_status
d) show_ipv4_forwarding
Answer: b) cat /proc/sys/net/ipv4/ip_forward
Explanation: The cat /proc/sys/net/ipv4/ip_forward command is used to display the current status of IPv4 packet forwarding in UNIX.
43. What is the purpose of the state module in iptables?
a) To match packets based on their state
b) To match packets based on their source IP address
c) To match packets based on their destination IP address
d) To match packets based on their port numbers
Answer: a) To match packets based on their state
Explanation: The state module in iptables is used to match packets based on their connection state, such as NEW, ESTABLISHED, RELATED, or INVALID.
44. Which iptables command is used to save the current iptables rules to a file in UNIX?
a) iptables-save
b) iptables-export
c) iptables-backup
d) iptables -S
Answer: a) iptables-save
Explanation: The iptables-save command is used to save the current iptables rules to a file in UNIX.
45. What is the purpose of the DNAT target in iptables?
a) To perform Network Address Translation
b) To silently discard packets
c) To reject packets with an ICMP error message
d) To log packets and then drop them
Answer: a) To perform Network Address Translation
Explanation: The DNAT (Destination NAT) target in iptables is used to perform destination address translation for incoming packets.
46. Which iptables rule is used to specify the source IP address?
a) –source
b) –src
c) –saddr
d) –src-address
Answer: b) –src
Explanation: The –src option in iptables rules is used to specify the source IP address.
47. What is the purpose of the ICMP target in iptables?
a) To allow ICMP traffic
b) To silently discard packets
c) To reject packets with an ICMP error message
d) To log packets and then drop them
Answer: c) To reject packets with an ICMP error message
Explanation: The ICMP target in iptables is used to reject packets with a specific ICMP error message.
48. Which command is used to reload iptables rules from a file in UNIX?
a) iptables-load
b) iptables-restore
c) iptables-reload
d) iptables -R
Answer: b) iptables-restore
Explanation: The iptables-restore command is used to reload iptables rules from a file in UNIX.
49. What is the purpose of the REJECT target in iptables?
a) To silently discard packets
b) To reject packets with an ICMP error message
c) To log packets
d) To log packets and then drop them
Answer: b) To reject packets with an ICMP error message
Explanation: The REJECT target in iptables is used to reject packets with a specific ICMP error message.
50. Which iptables rule is used to specify the destination IP address?
a) –dest
b) –destination
c) –dst
d) –daddr
Answer: b) –destination
Explanation: The `–destination` option in iptables rules is used to specify the destination IP address.
