A Solaris IP Filter rule with the keyword quick bypasses the normal rule checking sequence by immediately acting on the network packet if it matches the rule. When does a packet that matches a Solaris IP Filter rule with the quick keyword continue to be processed?

An administrator of the company firewall has modified the set of Solaris IP
Filter rules contained in the /etc/ipf/ipf.conf file enabling inbound HTTP traffic to reach a newly
implemented web server.

Following activation of the new rule set, outbound response packets from the web server are being blocked. The output of ipfstat -o reports:

block out all

What has the administrator forgotten?

A Solaris system router 192.168.1.55 running Solaris IP Filter is configured with two network interfaces on different subnets. The system needs to be configured to route all HTTP traffic and allow SSH login access only from the qfe0 interface.

pass in quick from any to any port = 80 keep state
pass in on qfe0 from any to 192.168.1.55/32 port = 22
block in all
block out all

What are two outcomes of applying this ipf.conf configuration? (Choose two.)

A Solaris 10 OS server has packet filtering enabled. Which command displays information on stdout regarding packets that match rules?

A Solaris 10 OS server on your network has the packet filter enabled. The rule of Solaris IP Filter firewall is:

block in proto icmp all

This rule, stored in the /etc/ipf/ipf.conf file, blocks all Internet Control Message Protocol (ICMP) traffic.

Which command modifies this rule so it prevents only ping traffic?

A Solaris 10 OS has packet filtering enabled and configured. Within the configuration file there is the log keyword, so the Solaris IP Filter firewall logs packets.

Given the following command:

ipmon -D /var/tmp/filterlog.txt

Which two statements are true? (Choose two.)

A server system runs the Solaris 10 OS with the Solaris IP Filter software installed. You enable the Solaris IP Filter software for the IPv4 addresses on the eri0 interface and start the Solaris IP Filter software without rebooting.

You create a rule set for Solaris IP Filter in /etc/ipf/ipf.conf. The interface eri0 is unplumbed.

Given the IP address 10.19.24.1 for the interface eri0, which three steps must be completed to complete your task? (Choose three.)

Solaris IP Filter logs messages using the /dev/ipl device. The events logged can be configured in the Solaris IP Filter configuration file. Which command or daemon can be used to collect messages from /dev/ipl?

You configure Solaris IP Filter on a Solaris system named myhost as a host-based firewall.

While attempting to telnet to myhost from another host named remotehost, you receive this error:

$ telnet myhost
Trying 192.168.1.100…

telnet: Unable to connect to remote host: Connection timed out

You run netstat -a on myhost and find this entry :

Local Address Remote Address Swind Send-Q Rwind Recv-Q State
————– ————————— ——— ———– ———- ———– ————
myhost.23 remotehost.39846 0 0 49640 0 SYN_RCVD

What is the cause of this problem?

You are attempting to filter all UDP network traffic between two Solaris zones on the same machine.

Zone 1 is using the IP address 192.168.84.1 on the interface ce0:1 Zone 2 is using the IP address 192.168.84.2 on the interface ce0:2

The Solaris IP Filter rules are in effect :

block in quick proto udp from 192.168.84.1 to 192.168.84.2 block in quick proto udp from 192.168.84.2 to 192.168.84.1

With these rules in effect, UDP traffic still passes between the two zones. Why is this traffic NOT being blocked?