A system administrator is tasked with restricting access to a web server running on the default HTTP port to only the IP range 192.168.100.0/24. The server is currently using firewalld for its firewall management. Which of the following commands should the administrator use to accomplish this task?
The correct answer, firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.100.0/24" port protocol="tcp" port="80" accept', creates a persistent (--permanent) rule for the public zone in firewalld that uses a rich-rule to enable access on TCP port 80 for the source IP range of 192.168.100.0/24. This ensures that only devices with an IP from this range can access the HTTP service. The other options are incorrect for the following reasons: The first incorrect option attempts to add a service by name, which is not how IP-based restrictions are set. The second incorrect option adds an entire zone instead of the specific rule needed for the IP range. The last incorrect option contains an invalid subnet mask for the given IP range.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is 'firewalld' and how does it work?
Open an interactive chat with Bash
What are rich rules in 'firewalld'?
Open an interactive chat with Bash
What does the subnet notation '192.168.100.0/24' mean?