Laboratory: Configuring a Firewall
In this exercise you will be working with firewalld, a front-end to controlling Iptables. Iptables is a flexible firewall utility built for Linux operating systems. It is too low level, however, and, as such, hard to use and configure the rules for filtering traffic. firewalld provides higher-level command line and graphical interfaces over Iptables to ease the pain of configuring the firewall features provided by Linux. For this lab exercise, we will only be using the high-level command line interface. firewalld provides a dynamically managed firewall with support for network/firewall "zones" to assign a level of trust to a network and its associated connections, interfaces or sources. It has support for IPv4 and IPv6. There is a separation of the runtime and permanent configuration options.
For this lab exercise, we will be using two machines, one machine will behave like an Enterprise and the other machine will behave like machines outside an enterprise. We will call this machine as External, external to the enterprise. The firewall, as part of the enterprise will control traffic both coming into the enterprise and going out of the enterprise (to External).
Enterprise is a CentOS 7 machine.CentOS is a Linux distribution that attempts to provide a free, enterprise-class, community-supported computing platform. Firewalld will be running on this host.
External is Kali Linux. Kali Linux is a Debian-based Linux distribution aimed at advanced Penetration Testing and Security Auditing. Kali contains several hundred tools which are geared towards various information security tasks, such as Penetration Testing, Security research, Computer Forensics and Reverse Engineering.
Although there are only two machines, we are going to pretend that the Enterprise has three machines (three IP addresses) and each machine has certain services running on those machines.
Allocating the Lab Machines
Once you open the Lab Broker using the instructions given in the UMUC Digital Lab Access Instructions found under Accessing Remote DaaS Lab under Course Content, you will see a new window open. Each of your courses that have labs will be listed here in the Lab Broker page.
Network Traffic Simulation Script
The Network traffic Simulation script allows users to test pathways to lab resource machines by using the terminal to initiate test packets. The script takes 2 input variables (IP address and service) and uses this information to initiate a test. The script is implemented using bash shell. The script accepts a target IP (-t) and any service name (-s) available in /etc/services.
Also, provide a short summary of your experience of using DaaS for this Lab (Difficulties you have encountered, what worked, what did not work, etc.)
Attachment:- FirewallLab.rar