You are a network security engineer configuring a perimeter firewall for Acme Corp.
The web server is at 192.168.1.10 (internal). The management workstation subnet is 10.0.0.0/24.
Apply the following security policy by adding the correct rules:
1. Allow inbound HTTPS (TCP 443) from any source to the web server.
2. Allow inbound SSH (TCP 22) to the web server from the management subnet only.
3. Deny all inbound Telnet (TCP 23) from any source.
4. Allow outbound DNS (UDP 53) from the internal network 192.168.1.0/24.
5. Add an implicit deny-all as the final rule (must be last).
Policy Requirements — checked after grading
○ Allow HTTPS inbound to web server
○ Allow SSH from mgmt subnet only
○ Deny all inbound Telnet
○ Allow outbound DNS from 192.168.1.0/24
○ Implicit deny-all (last rule)
Network Topology
Internet (ANY) → Firewall (you configure this) → Web Server (192.168.1.10)
Mgmt Workstations (10.0.0.0/24) → Firewall (same device)
ACL Rules — evaluated top-down, first match wins
# | Direction | Protocol | Source | Destination | Port | Action
Use ANY for wildcard source/destination. CIDR notation accepted (e.g. 10.0.0.0/24).
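The following is an added example, not part of the original lab: a small Python model of top-down, first-match ACL evaluation with ANY wildcards and CIDR sources, run over a constructed rule set and a misordered copy of it. The tuple layout, function names, the use of ANY in the direction/protocol/port columns, and the sample packet addresses are assumptions made for illustration.

```python
import ipaddress

# Columns follow the ACL table: direction, protocol, source, destination, port, action.
# Constructed rule set: one possible reading of the five policy items.
RULES = [
    ("in",  "tcp", "ANY",            "192.168.1.10", 443,   "allow"),
    ("in",  "tcp", "10.0.0.0/24",    "192.168.1.10", 22,    "allow"),
    ("in",  "tcp", "ANY",            "ANY",          23,    "deny"),
    ("out", "udp", "192.168.1.0/24", "ANY",          53,    "allow"),
    ("ANY", "ANY", "ANY",            "ANY",          "ANY", "deny"),
]
# Same rules with the deny-all moved to the top: it now shadows every allow.
MISORDERED = [RULES[-1]] + RULES[:-1]

def addr_match(spec, ip):
    """ANY is a wildcard; otherwise spec is a host address or a CIDR block."""
    if spec == "ANY":
        return True
    return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)

def field_match(spec, value):
    """Exact match on direction, protocol or port, with ANY as wildcard."""
    return spec == "ANY" or spec == value

def evaluate(rules, direction, proto, src, dst, port):
    """Return (rule_number, action) for the first rule that matches, top-down."""
    for n, (r_dir, r_proto, r_src, r_dst, r_port, action) in enumerate(rules, 1):
        if (field_match(r_dir, direction) and field_match(r_proto, proto)
                and addr_match(r_src, src) and addr_match(r_dst, dst)
                and field_match(r_port, port)):
            return n, action
    return None, "deny"  # assumption: traffic matching no rule is dropped

def deny_all_is_last(rules):
    """True only if the catch-all deny exists and appears solely as the final rule."""
    catch_all = ("ANY", "ANY", "ANY", "ANY", "ANY", "deny")
    return bool(rules) and rules[-1] == catch_all and catch_all not in rules[:-1]

if __name__ == "__main__":
    # Constructed sample packets (203.0.113.7 is a documentation address).
    for pkt in [("in", "tcp", "203.0.113.7", "192.168.1.10", 443),
                ("in", "tcp", "203.0.113.7", "192.168.1.10", 22),
                ("in", "tcp", "10.0.0.5", "192.168.1.10", 22)]:
        print(pkt, "ordered:", evaluate(RULES, *pkt),
              "misordered:", evaluate(MISORDERED, *pkt))
```

With the deny-all at the top, every sample packet matches rule 1 and is dropped, which is why the policy requires it to be last.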