Summary: exact iptables command to stop a source from accessing a Linux cluster

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Thanks All/Raj, Ok, I miss something so
the following works :
 
# chkconfig iptables on
# /sbin/iptables -I RH-Firewall-1-INPUT -s 10.5.5.25 -j DROP
# /sbin/service iptables save   <== this will create /etc/sysconfig/iptables
# service iptables restart
 
 
Thanks


On Fri, Sep 18, 2009 at 6:46 PM, Rajveer Singh <torajveersingh@xxxxxxxxx> wrote:
Dear sunHux,
 
iptables stores rules in /etc/sysconfig/iptables file by default. So if you don't have any rules in this file, and try to start iptables service using "service iptables start" you will see the out of "service iptables status" as "Firewall is stopped".
 
So it's not any issue and you can put any iptable rules.
 
Re,
Raj

On Fri, Sep 18, 2009 at 4:05 PM, sunhux G <sunhux@xxxxxxxxx> wrote:
 
I can't even start up iptables as the previous admin hardened it
(but not sure how / where he hardened it)
 
So despite that I do
service iptables start,
"service iptables status" still show "Firewall is stopped"
 
Now, can I use /etc/hosts.deny instead ?
Do I need to do "pkill -HUP tcpd"   or
"service xinetd restart"   - which of the two
commands shd I execute & what's the syntax
in /etc/hosts.deny ?
 
Thanks

On Fri, Sep 18, 2009 at 11:38 AM, Ian Hayes <cthulhucalling@xxxxxxxxx> wrote:
[root@cthulhu ~]# iptables -L --line-numbers
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    DROP       all  --  10.5.5.5             anywhere
2    DROP       all  --  10.5.5.6             anywhere
3    DROP       all  --  10.5.5.7             anywhere

Find the rule number that matches the one you want to delete. Say you want to delete #2 from the INPUT table

[root@cthulhu ~]# iptables -D INPUT 2
[root@cthulhu ~]# iptables -L --line-numbers
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    DROP       all  --  10.5.5.5             anywhere
2    DROP       all  --  10.5.5.7             anywhere


Or you can do iptables -F which will basically drop all your iptables. Make sure you've saved recently before you do that.


On Thu, Sep 17, 2009 at 8:22 PM, sunhux G <sunhux@xxxxxxxxx> wrote:
Thanks Ian.
 
So I issue this command on both cluster nodes and it will also
stop access to the virtual cluster address?
 
What's the command to reverse / remove
" iptables -A INPUT -s 10.5.5.25 -j DROP " ?
Just in case there's a problem, I'll need to reverse.
 
Tks
U
On Fri, Sep 18, 2009 at 10:36 AM, Ian Hayes <cthulhucalling@xxxxxxxxx> wrote:
iptables -A INPUT -s 10.5.5.25 -j DROP

On Thu, Sep 17, 2009 at 7:33 PM, sunhux G <sunhux@xxxxxxxxx> wrote:
 
Hi,
 
I have a RHEL 5.1  cluster that's constantly being accessed by an
application from a Windows server application via sqlnet (ie Tcp
port 1521) which caused a specific Oracle accounts to be locked.
 
The owner of the Windows box does not know why the Filenet
application is doing this so while she's doing the research which
configuration in Filenet needs to be fixed to stop this, we need an
interim measure to block this Windows server's access to the cluster.
 
Thus I would like to set up iptables / firewall on this Linux box to
stop the sqlnet access.  Can someone provide me some example
commands / syntax ?
 
Source IP address : 10.5.5.25   (Windows server)
Tcp port : 1521
My Linux boxes IP address :  10.5.5.46 / .47
My Linux cluster virtual addr : 10.5.5.45
 
In fact I would like to block on all ports on the Linux cluster to stop
this Windows server from accessing it.  So what's the exact commands
I should issue on each of the Linux box?  Would iptables also block
the Windows server from accessing the cluster virtual IP addr?
 
 
Thanks
U
 

 

--
Linux-cluster mailing list
Linux-cluster@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/linux-cluster


--
Linux-cluster mailing list
Linux-cluster@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/linux-cluster


--
Linux-cluster mailing list
Linux-cluster@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/linux-cluster


--
Linux-cluster mailing list
Linux-cluster@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/linux-cluster


--
Linux-cluster mailing list
Linux-cluster@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/linux-cluster


--
Linux-cluster mailing list
Linux-cluster@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/linux-cluster

--
Linux-cluster mailing list
Linux-cluster@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/linux-cluster

[Index of Archives]     [Corosync Cluster Engine]     [GFS]     [Linux Virtualization]     [Centos Virtualization]     [Centos]     [Linux RAID]     [Fedora Users]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite Camping]

  Powered by Linux