-- Exhibit --
firewall {
    filter select-telnet {
        term 1 {
            from {
                source-address {
                    10.0.0.0/8;
                }
            }
            then log;
        }
        term 2 {
            from {
                protocol tcp;
                port telnet;
            }
            then {
                syslog;
                reject;
            }
        }
        term 3 {
            from {
                source-address {
                    10.1.1.1/32;
                }
                protocol tcp;
                port telnet;
            }
            then {
                sample;
                accept;
            }
        }
    }
}
-- Exhibit --
A Telnet session is initiated from host 10.1.1.1.
What will happen when it is processed by the firewall filter shown in the exhibit?
A. B. C. D.A
The firewall filter shown in the exhibit has three terms which are evaluated sequentially. Each term contains matching conditions and an action. The Telnet session initiated from host 10.1.1.1 will be processed by this firewall filter as follows:
Term 1: The first term matches on source address 10.0.0.0/8, but it only logs the packet and does not take any further action. Therefore, this term does not affect the Telnet session initiated from host 10.1.1.1.
Term 2: The second term matches on the TCP protocol and Telnet port, and then takes the following actions:
Since the Telnet session initiated from host 10.1.1.1 matches the conditions of term 2, the packet will be discarded, and a syslog message will be generated. Therefore, the correct answer is B. The packet will be discarded and logged.
Term 3: The third term matches on source address 10.1.1.1/32, TCP protocol, and Telnet port. It takes the following actions:
Since the Telnet session initiated from host 10.1.1.1 matches the conditions of term 3, the packet will be accepted, and a sample will be captured. However, this term will not affect the Telnet session since term 2 matches first and discards the packet.
In summary, the firewall filter will discard the Telnet session initiated from host 10.1.1.1 and generate a syslog message, making option B the correct answer.