You are hardening a RHEL 9 web server that still uses the default firewalld zone (public). Only hosts on the 192.168.1.0/24 subnet should be able to reach the site over HTTP, and the rule must remain in force after any reboot. Using a single firewall-cmd command, which choice accomplishes this?
The correct command adds a rich rule that (1) limits the source to 192.168.1.0/24, (2) allows the predefined HTTP service, (3) specifies family="ipv4" because an IP network is referenced, (4) targets the existing public zone, and (5) includes the --permanent flag so the rule survives service restarts and system reboots. The other options each fail to meet at least one requirement: one mixes --add-service with --source in a syntax that does not create a rule scoped to the source network; another places the rule in the trusted zone, which would not harden the public zone; and another omits --permanent, so the rule would disappear after a reboot.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a rich rule in firewalld?
Open an interactive chat with Bash
What does the --permanent flag do in a firewall-cmd command?
Open an interactive chat with Bash
What is the purpose of specifying a source address in a firewalld rule?
Open an interactive chat with Bash
CompTIA Linux+ XK0-006 (V8)
Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access