Why not use hosts.allow/hosts.deny from xinetd? I allow port 22 access
via iptables, but use xinetd to restrict access by host. The reason for
this is there seem to be a lot of spoofing attempts.
Rohit khaladkar wrote:
Great! This helps!! Thanks a lot!!
Rohit
On Mon, Oct 20, 2008 at 3:45 PM, Stephen Gilbert <linuxelf@xxxxxxxxx> wrote:
You can either set your default policy to drop

    iptables -P INPUT DROP

This would drop all packets from all servers by default. Then the

    iptables -A INPUT -s machine_A -p tcp --dport 1521 -j ACCEPT

would accept only packets from machine_A into Oracle.
You may want to add a few more ports, such as 22 for ssh access.

Alternately, you could add

    iptables -A INPUT -s machine_A -p tcp --dport 1521 -j ACCEPT
    iptables -A INPUT -p tcp --dport 1521 -j DROP

Basically, this says machine A can hit 1521, but anyone else that
tries, just drop the packet.
Rohit khaladkar wrote:
Thanks Geoff!! This would definitely help. So can there cannot be a
master rule on the which would prevent all IP addresses except one
(machine A)?
Thanks!
Rohit
On Mon, Oct 20, 2008 at 2:07 PM, Geofrey Rainey <Geofrey.Rainey@xxxxxxxxxx> wrote:
You want something like this:

    iptables -A INPUT -s machine_A -p tcp --dport 1521 -j ACCEPT

This rule means allow access to port 1521 from IP machine_A.
Of course this rule alone will not prevent all-and-sundry from
connecting to the server on any port, so you'll need to add
many more rules to secure your server.
Regards,
Geoff.
-----Original Message-----
From: redhat-list-bounces@xxxxxxxxxx
[mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Rohit khaladkar
Sent: Monday, 20 October 2008 8:10 p.m.
To: General Red Hat Linux discussion list
Subject: Restrict access to a particular server.
Hi All,

I have two machines with Red Hat Linux 5.2 installed, of which one
is a database server running Oracle 10.0.4 on it. I need an iptable rule
which would make sure that only the other machine would have access to
it.
For eg: If I have two machines, machine A and machine B, of which
machine B is a database server, can I set up an iptable rule on machine B,
which would allow access to the database only by machine A.
Please help.
Thanks!
Rohit Khaladkar
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
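
Added example, not part of the original thread: a small shell model of how the INPUT chain decides a packet (first matching rule wins, otherwise the chain policy applies), run over the two rule sets suggested above. It models only source address and TCP destination port; the two IP addresses are constructed stand-ins for machine_A and for any other host.

```sh
#!/bin/sh
# Simplified model of iptables INPUT evaluation: rules are checked top to
# bottom, the first match decides, and the chain policy applies if none match.
# Assumption: only source address and TCP destination port are modelled.

MACHINE_A="192.0.2.10"   # constructed address standing in for machine_A
OTHER="198.51.100.7"     # constructed address for any other host

# verdict POLICY RULES SRC DPORT
# RULES holds one "src dport target" rule per line; "any" is a wildcard.
verdict() {
    while read -r r_src r_port r_target; do
        [ -z "$r_src" ] && continue
        if { [ "$r_src" = any ] || [ "$r_src" = "$3" ]; } &&
           { [ "$r_port" = any ] || [ "$r_port" = "$4" ]; }; then
            echo "$r_target"
            return 0
        fi
    done <<EOF
$2
EOF
    echo "$1"   # no rule matched: fall back to the chain policy
}

# Option 1 from the thread: -P INPUT DROP plus a single ACCEPT rule.
OPT1_POLICY=DROP
OPT1_RULES="$MACHINE_A 1521 ACCEPT"

# Option 2 from the thread: policy left at ACCEPT, ACCEPT rule then DROP rule.
OPT2_POLICY=ACCEPT
OPT2_RULES="$MACHINE_A 1521 ACCEPT
any 1521 DROP"

# The same two rules appended in the opposite order: DROP now matches first.
SWAPPED_RULES="any 1521 DROP
$MACHINE_A 1521 ACCEPT"

report() {  # report LABEL POLICY RULES
    for host in "$MACHINE_A" "$OTHER"; do
        for port in 1521 22; do
            printf '%-8s %-13s port %-5s %s\n' "$1" "$host" "$port" \
                "$(verdict "$2" "$3" "$host" "$port")"
        done
    done
}

report option1 "$OPT1_POLICY" "$OPT1_RULES"
report option2 "$OPT2_POLICY" "$OPT2_RULES"
report swapped "$OPT2_POLICY" "$SWAPPED_RULES"
```

The output shows why option 1 needs an explicit rule for port 22 (machine_A's ssh is dropped too), why option 2 leaves every port other than 1521 open to all hosts, and why the ACCEPT for machine_A must be appended before the DROP.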