A network administrator is troubleshooting connectivity issues. Based on the exhibit, which of the following is true about the iptables rules?
The first rule matches new and established traffic from 10.0.1.0/24; the second matches only established traffic back.
Why this answer
Option C is correct because the iptables rules show a default FORWARD policy of ACCEPT, but the INPUT chain has a default policy of DROP. The rule '-A FORWARD -s 10.0.1.0/24 -j ACCEPT' allows outbound traffic from the 10.0.1.0/24 subnet to the internet. The rule '-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT' ensures that only return traffic belonging to an existing connection is permitted back, while new inbound connections from the internet are implicitly dropped by the FORWARD chain's default policy.
Exam trap
The trap here is that candidates often confuse the FORWARD chain with the INPUT chain, assuming that rules in the FORWARD chain apply to traffic destined for the firewall itself, or they overlook that the default policy for the FORWARD chain is DROP (not ACCEPT) unless explicitly set to ACCEPT in the exhibit.
How to eliminate wrong answers
Option A is wrong because the FORWARD chain's default policy is DROP (not shown but implied by the rules), and there is no rule allowing new connections from the internet to 10.0.1.0/24; only ESTABLISHED,RELATED traffic is allowed back.

Option B is wrong because the policy shown is ACCEPT only for the FORWARD chain, but the INPUT chain has a default policy of DROP, and the FORWARD chain's default policy is also DROP (as no default ACCEPT is listed for FORWARD in the exhibit); thus, not all traffic is allowed by default.

Option D is wrong because the rules shown are in the FORWARD chain, which applies to traffic being routed through the firewall, not to incoming traffic destined for the firewall itself (which would be handled by the INPUT chain).
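To make the rule semantics under "Why this answer" and "How to eliminate wrong answers" concrete, here is an added Python model (not part of the exam page) of the FORWARD chain: first-match evaluation of the two quoted rules on top of a minimal conntrack. Because the exhibit is not reproduced, the chain's default policy is a parameter (an assumption), and the addresses used in the demo are constructed.

```python
import ipaddress
from dataclasses import dataclass, field

# Subnet from the quoted rule '-A FORWARD -s 10.0.1.0/24 -j ACCEPT'
LAN = ipaddress.ip_network("10.0.1.0/24")


@dataclass
class Packet:
    src: str
    dst: str
    sport: int
    dport: int


@dataclass
class ForwardChain:
    # Chain policy is an assumption: the exhibit is not reproduced here.
    policy: str = "DROP"                         # as set by: iptables -P FORWARD <policy>
    conntrack: set = field(default_factory=set)  # flows seen by an ACCEPTed packet

    def _flow(self, p):
        return (p.src, p.sport, p.dst, p.dport)

    def _reverse(self, p):
        return (p.dst, p.dport, p.src, p.sport)

    def state(self, p):
        # A packet belonging to a known flow in either direction is ESTABLISHED.
        if self._flow(p) in self.conntrack or self._reverse(p) in self.conntrack:
            return "ESTABLISHED"
        return "NEW"

    def forward(self, p):
        # Rule 1: -A FORWARD -s 10.0.1.0/24 -j ACCEPT  (matches NEW and ESTABLISHED)
        if ipaddress.ip_address(p.src) in LAN:
            self.conntrack.add(self._flow(p))
            return "ACCEPT"
        # Rule 2: -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
        if self.state(p) == "ESTABLISHED":
            return "ACCEPT"
        # No rule matched: the chain's default policy decides.
        return self.policy


def demo(policy="DROP"):
    """Constructed traffic: LAN -> internet, the reply, then an unsolicited inbound SYN."""
    chain = ForwardChain(policy=policy)
    out = chain.forward(Packet("10.0.1.20", "203.0.113.5", 40000, 443))
    back = chain.forward(Packet("203.0.113.5", "10.0.1.20", 443, 40000))
    new_in = chain.forward(Packet("198.51.100.7", "10.0.1.20", 55555, 22))
    return out, back, new_in
```

With the policy at DROP the unsolicited inbound packet falls through both rules and is dropped; with the policy at ACCEPT the same packet would be forwarded, which is why the policy line in the exhibit matters.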