2018-05-05 13:42:58
Requirement: Everyone must be able to answer in writing, be proficient in oral expression, and defeat other competitors in the interview.
1. Describe the iptales workflow and rule filtering order?
iptables works by using the packet filtering mechanism, so it will analyze the packet header data of the requested packet, and perform related operations according to our pre-set rules.
When the firewall receives the packet:
1. The firewall is filtered layer by layer first, and the rules are filtered from top to bottom and from front to back.
2. If the upper rule (ACCEPT, DROP) is matched, it will not be matched down again.
3. If the matching rule does not clearly indicate that the packet is to be blocked or passed, that is, there is no matching rule, it will continue to execute the next hop rule.
4. If all the above rules cannot be matched, the default rules will be executed in the end.
2. How many tables does iptables have and how many chains does each table have?
3. How many tables in iptables and the function of the corresponding chain of each table, corresponding to enterprise application scenarios?
iptables general structure
Iptables is actually a container of multiple tables. Each table contains different chains. The chains define different policies. We define different rules to control the entry and exit of data packets in the firewall. .
The three major tables in iptables
Filter is the default host firewall, filtering packets flowing in and out of the host. It contains three chains of INPUT, OUTPUT, and FOWARD
INPUT to filter packets entering the host
OUTPUT processes data packets sent from this machine
FOWARD processes the data packets flowing through this host, which is related to NAT
Filter table is an important means for enterprises to realize firewall function
NAT is responsible for network address translation (translation of IP and port from the destination address), generally used for shared Internet access on a local area network, similar to the network switch acl, including three chains of OUTPUT, PREROUTING, and POSTROUTING
OUTPUT changes the destination address of packets sent by the host
When the PREROUTING packet arrives at the firewall, the rules executed before the routing judgment are performed, and the destination address and destination port of the packet are changed.
When the POSTROUTING packet leaves the firewall, the rules executed before the routing judgment is performed, and the source address and source port of the packet are changed.
Mangle is rarely used in enterprises
4. Draw a picture to explain the simple flow chart of iptables packet filtering through different tables and chains and explain it.
1. Before the data packet is ready to enter iptables, the prerouting chain of the NAT table will rewrite the IP or port of the destination address of the data packet, and map it to a different IP or port.
2. At this time, the data packet continues to move forward, there are two situations:
2.1 The data packets enter the host of iptables, pass through the INPUT chain of the FILTER table, enter the OUTPUT chain of the NAT table and the OUTPUT chain of the FILTER table and flow out. In general, only the INPUT chain of the FILTER table needs to be controlled
2.2 The data packet flows through the host. For example, when it is used for routing, the data packet flows through the FORWARD chain of the FILETER table
2.3 All data packets flow out through POSTROUTING in the NAT table, rewriting the source address IP or port.
5. Please write a command to view all current rules of iptables.
iptables -nL (default view filter table)
iptables -nL -t nat (rules for card NAT table)
6. Forbid requests from the 10.0.0.188 ip address to access port 80
iptables -A INPUT -p tcp -s 10.0.0.188 --deport 80 -j DROP
7. How to make the iptables rules executed on the command line take effect permanently?
method 1:
/etc/init.d/iptables save
Method 2:
iptables-save >/etc/sysconfig/iptables
8. Implement the request to access 10.0.0.3:80 to 172.16.1.17:80
To do IP mapping on the 10.0.0.3 host, the specific command:
iptables -t nat -A PREROUTING -d 10.0.0.3 -p tcp --dport 80 -j DNAT --to-destination 172.16.1.17:80
9. Realize that all hosts in the 172.16.1.0/24 segment share the Internet through the 124.32.54.26 external network IP.
Configure the POSTROUTING chain of the NAT table on the host at 124.32.54.26
iptables -t nat -A POSTROUTING -s 172.16.1.0/24 -j SNAT --to-source 124.32.54.26
For each host on the 172 network segment, you need to configure the IP of the network card on the same network segment with the default gateway of the 124.32.54.26 host.
10. Describe the tcp three-way handshake and four-way disconnection process?
(Extracurricular reference: http://user.qzone.qq.com/49000448/blog/1426987479 )
11. Describe in detail how HTTP works?
User access process
DNS resolution principle
tcp three-way handshake, four disconnects
HTTP request message, interpretation of the response message
Common Status Codes
Let's talk about the structure
12. Please describe the common production application scenarios of iptables .
1) LAN shared Internet access (suitable for corporate intranet LAN Internet gateway, and Internet access gateway for IDC computer room intranet)
(nat POSTROUTING)
2) Server fire prevention function (suitable for servers with external network IP in IDC computer room) (mainly the control of filter INPUT )
3) Map the external IP and port to the internal area of the local area network (it can be one-to-one IP mapping, or it can be
mapped ). It may also be that the IDC maps the website's external network vip and website port to the load balancer (hardware firewall). (nat
PREROUTING)
4) Office router + gateway function (zebra road±+iptables filtering and NAT+squid forward transparent proxy
80+ntop/iftop/iptraf traffic view + tc traffic control speed limit
5) Mail gateway
13. Please describe the function of the following iptables command
iptables -N syn-flood
iptables -A INPUT -i eth0 -syn -j syn-flood
iptables -A syn-flood -m limit -limit 5000/s -limit-burst 200 -j RETURN
iptables -A syn-flood -j DROP
Firewall strategies to prevent SYN attacks
14. How to optimize iptables in large concurrent scenarios of enterprise WEB applications?
Increase the connection tracking table,
reduce the timeout period,
About pv3000w, concurrent 1w~2w, turn off iptables or choose hardware firewall.
(2) Interview questions for enterprise operation and maintenance experience:
15. Write a firewall configuration script that only allows remote hosts to access port 80 of this machine (Qihoo 360 interview questions)
(http://user.qzone.qq.com/49000448/blog/1429755081)
iptables -P INPUT DROP
iptables -A INPUT --dport 80 -j ACCEPT
16. Please describe how to configure a linux Internet gateway?
The kernel forwarding of the linux gateway needs to be punched
17. Please describe how to configure a professional and secure WEB server host firewall?
The default rules deny, what to use
18. Enterprise practical problem 6 : Please use at least two methods to achieve it!
Write a script to solve DOS attack production case
提示:根据web日志或者或者网络连接数,监控当某个IP并发连接数或者短时内PV达到100,即调用防火墙命令封掉对应的IP,监控频率每隔3分钟。防火墙命令为:iptables -A INPUT -s 10.0.1.10 -j DROP。
(此题来自老男孩教育SHELL编程必会考试题之一)
http://www.cnblogs.com/Richard-Liang/p/8991570.html
19、/var/log/messages日志出现kernel: nf_conntrack: table full, dropping packet.请问是什么原因导致的?如何解决?
原因,连接中转池满了,需要调大,超时调小
需要内核调优
20、压轴上机实战iptables考试题