A security administrator is hardening a Linux server that should only allow encrypted web traffic over HTTPS. Which of the following firewall-cmd commands should the administrator execute to block unencrypted HTTP traffic on the standard port?
The command sudo firewall-cmd --permanent --remove-service=http is correct because it permanently removes the rule allowing HTTP service (which operates by default on port 80) from the firewall configuration using firewall-cmd, the tool for managing firewalld, a firewall service daemon that provides a dynamic firewall management tool with support for network/firewall zones. Removing the HTTP service effectively blocks unencrypted web traffic. The --permanent flag ensures that the change persists across system reboots. Other options either open ports, set up rules for a different service, or list services, hence they do not achieve the task of blocking HTTP traffic.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is `firewall-cmd` and how does it work?
Open an interactive chat with Bash
What are the differences between HTTP and HTTPS?
Open an interactive chat with Bash
Why is it important to block unencrypted HTTP traffic?