A system administrator is hardening a new web server that has two network interfaces. Interface "eth0" connects to the trusted internal network, while "eth1" connects directly to the public Internet. The administrator wants to apply the restrictive rules of the built-in "public" zone only to eth1 and needs this assignment to survive reboots. Which firewall-cmd command accomplishes this?
explicitly binds eth1 to the public zone and writes the change to firewalld's permanent configuration so it is still in effect after a reload or reboot. Running the same command without --permanent would update only the runtime configuration, and the assignment would be lost when the service is reloaded. The --set-default-zone option changes the default zone for every interface that has no explicit zone, which could unintentionally place eth0 in the public zone. The command that omits --zone (firewall-cmd --add-interface=eth1 --permanent) is valid syntax, but it adds the interface to whatever zone is currently set as default; it therefore does not guarantee placement in the public zone and may fail the stated requirement.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are firewalld zones and their purpose?
Open an interactive chat with Bash
What does the --permanent flag do in firewall-cmd commands?
Open an interactive chat with Bash
Why should the --zone option be explicitly set when using firewall-cmd?
Open an interactive chat with Bash
CompTIA Linux+ XK0-006 (V8)
Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access