1. What is a firewall and how does it work?
A) A firewall is a network security device/software that monitors and controls incoming and outgoing traffic based on predefined rules. It acts like a security guard between trusted (internal) and untrusted (external) networks.
2. What are the types of firewalls?
A)
- Packet Filtering Firewall – Works at network layer, checks source/destination IP, port, protocol.
- Stateful Inspection Firewall – Tracks active connections, more secure.
- Application Firewall – Inspects application-level traffic (HTTP, FTP).
- Next-Generation Firewall (NGFW) – Includes deep packet inspection, IDS/IPS, malware protection.
3. What is the difference between hardware and software firewalls?
A)
- Hardware firewall → Dedicated device (Cisco ASA, Palo Alto, Fortinet).
- Software firewall → Runs on a host OS (iptables, firewalld, Windows Defender Firewall).
4. What is the difference between iptables and firewalld in Linux?
A)
- iptables → Legacy command-line tool to configure Netfilter rules.
- firewalld → Modern firewall management tool with zones and dynamic configuration, built on top of Netfilter.
5. What are inbound and outbound rules in a firewall?
A) Inbound rules → Control traffic entering the system (e.g., block port 23 for Telnet).
Outbound rules → Control traffic leaving the system (e.g., allow only port 80/443 outbound).
6. How do you check firewall status in Linux?
A) For firewalld:
systemctl status firewalld
firewall-cmd --state
For iptables:
iptables -L -n -v
7. How do you allow a port in firewalld?
A)
firewall-cmd --permanent --add-port=8080/tcp
firewall-cmd --reload
8. What is the difference between DROP and REJECT in firewall rules?
A)
DROP → Silently discards the packet (no response).
REJECT → Actively denies the connection and sends an error message to the sender.
9. How do you allow only specific IP addresses to access SSH (port 22)?
A) iptables:
iptables -A INPUT -p tcp -s 192.168.1.100 --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j DROP
10. What is NAT in firewall context?
A) NAT (Network Address Translation) maps private IP addresses to a public IP. Firewalls often implement NAT to allow internal hosts to access the internet securely.
Example (iptables source NAT using MASQUERADE):
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
11. What are the logs generated by firewalls and where can you check them?
A) Firewall logs show dropped/allowed packets and suspicious activity.
Linux: /var/log/messages, /var/log/firewalld, /var/log/syslog.
Use:
journalctl -u firewalld
12. What are best practices for securing a firewall?
A)
- Deny all by default, allow only required ports.
- Disable unused services.
- Limit SSH access to specific IPs.
- Regularly review and update firewall rules.
- Use logging and monitoring for suspicious activity.
13. What is the difference between stateful and stateless firewalls?
A) A stateless firewall checks each packet independently using IP/port, while a stateful firewall tracks the state of connections and allows or blocks traffic based on session context.
14. What is SELinux?
A) SELinux = Security-Enhanced Linux. It is a mandatory access control (MAC) security system built into the Linux kernel. Unlike traditional Linux permissions (user/group/others), SELinux adds an extra layer of access control based on policies.