Which of the following firewall rules would allow access to this site?

A Linux administrator built a GitLab server. Later that day, a software engineer tried to access the server to upload the repository during the final step of installation. The software engineer could not access the website. Which of the following firewall rules would allow access to this site?
A. iptables -A INPUT -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
B. iptables -A INPUT -p tcp -m multiport --dports 80,443 -m conntrack --ctstate ESTABLISHED -j ACCEPT
C. iptables -A INPUT -p tcp -m multiport --dports 80,443 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
D. iptables -A INPUT -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW,ESTABLISHED -j REJECT


One thought on “Which of the following firewall rules would allow access to this site?”

  1. Options are A B & C
    The administrator built the GitLab server; let's say he did it through an SSH connection from his account/workstation. It doesn't say he opened ports 80/443 on the firewall and tested the website. The engineer is trying to connect, let's say from his account/workstation, for the first time to the GitLab website through port 80/443 to upload the repositories. If that is the case, the connection is NEW, ESTABLISHED. Answer is A. Not enough info.
    NEW: The connection has not yet been seen. This state represents the very first packet of a connection.
    ESTABLISHED: This state is used for packets that are part of an existing connection. For a connection to be in this state, it should have received a reply from the other host.
    RELATED: The connection is new, but is related to another connection already permitted. This state is used for connections that are related to another ESTABLISHED connection. An example of this is an FTP data connection — they’re “related” to the already “established” control connection.
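
The four answer choices can be checked against the state definitions above with a small model of rule matching. This is an added example, not part of the original page or the comment, and it is a simplified model rather than real netfilter behaviour. It assumes the INPUT chain policy is DROP and that no other rule matches, which the question does not state; the packets are constructed.

```python
import shlex

# The four answer choices from the question.
RULES = {
    "A": "iptables -A INPUT -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT",
    "B": "iptables -A INPUT -p tcp -m multiport --dports 80,443 -m conntrack --ctstate ESTABLISHED -j ACCEPT",
    "C": "iptables -A INPUT -p tcp -m multiport --dports 80,443 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT",
    "D": "iptables -A INPUT -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW,ESTABLISHED -j REJECT",
}

def parse_rule(rule):
    """Extract the match fields and target that this question turns on."""
    tok = shlex.split(rule)
    arg = lambda flag: tok[tok.index(flag) + 1]
    return {
        "proto": arg("-p"),
        "dports": {int(p) for p in arg("--dports").split(",")},
        "ctstates": set(arg("--ctstate").split(",")),
        "target": arg("-j"),
    }

def verdict(rule, packet, policy="DROP"):
    """Rule target if the packet matches, otherwise the chain policy (assumed DROP)."""
    r = parse_rule(rule)
    matched = (
        packet["proto"] == r["proto"]
        and packet["dport"] in r["dports"]
        and packet["ctstate"] in r["ctstates"]
    )
    return r["target"] if matched else policy

def connection_outcome(rule, dport=443):
    """Follow one constructed inbound connection through the rule.

    The client's first SYN is in state NEW. Only if it is accepted can the
    server reply, after which later inbound packets are ESTABLISHED.
    """
    syn = {"proto": "tcp", "dport": dport, "ctstate": "NEW"}
    first = verdict(rule, syn)
    if first != "ACCEPT":
        return first  # the connection never gets past its first packet
    return verdict(rule, dict(syn, ctstate="ESTABLISHED"))

if __name__ == "__main__":
    for label, rule in RULES.items():
        print(label, connection_outcome(rule))
```

Under the assumed DROP policy, B and C never see an ESTABLISHED packet because the NEW packet that would create the connection is dropped first, and D matches the NEW packet but rejects it.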
