Not sure Oracle allows tcpwrappers...

Rob Marti

I'd do

    -A INPUT ! -s machine_A -p tcp --dport 1521 -j DROP

if you're only ever going to give one box access to the database.

-----Original Message-----
From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Ryan Golhar
Sent: Monday, October 20, 2008 8:58 AM
To: General Red Hat Linux discussion list
Subject: Re: Restrict access to a particular server.

Why not use hosts.allow/hosts.deny from xinetd? I allow port 22 access via iptables, but use xinetd to restrict access by host. The reason for this is there seems to be a lot of spoofing attempts.

Rohit khaladkar wrote:
> Great! This helps!! Thanks a lot!!
> Rohit
>
> On Mon, Oct 20, 2008 at 3:45 PM, Stephen Gilbert <linuxelf@xxxxxxxxx> wrote:
>
>> You can either set your default policy to drop
>>
>>     iptables -P INPUT DROP
>>
>> This would drop all packets from all servers by default. Then the
>>
>>     iptables -A INPUT -s machine_A -p tcp --dport 1521 -j ACCEPT
>>
>> would accept only packets from machine_A into Oracle.
>>
>> You may want to add a few more ports, such as 22 for ssh access.
>>
>> Alternately, you could add
>>
>>     iptables -A INPUT -s machine_A -p tcp --dport 1521 -j ACCEPT
>>     iptables -A INPUT -p tcp --dport 1521 -j DROP
>>
>> Basically, this says machine A can hit 1521, but anyone else that
>> tries, just drop the packet.
>>
>> Rohit khaladkar wrote:
>>> Thanks Geoff!! This would definitely help. So can there be a master
>>> rule which would prevent all IP addresses except one (machine A)?
>>> Thanks!
>>> Rohit
>>>
>>> On Mon, Oct 20, 2008 at 2:07 PM, Geofrey Rainey
>>> <Geofrey.Rainey@xxxxxxxxxx> wrote:
>>>
>>>> You want something like this:
>>>>
>>>>     iptables -A INPUT -s machine_A -p tcp --dport 1521 -j ACCEPT
>>>>
>>>> This rule means allow access to port 1521 from IP machine_A.
>>>> Of course this rule alone will not prevent all-and-sundry from
>>>> connecting to the server on any port, so you'll need to add many
>>>> more rules to secure your server.
>>>>
>>>> Regards,
>>>> Geoff.
>>>>
>>>> -----Original Message-----
>>>> From: redhat-list-bounces@xxxxxxxxxx
>>>> [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Rohit
>>>> khaladkar
>>>> Sent: Monday, 20 October 2008 8:10 p.m.
>>>> To: General Red Hat Linux discussion list
>>>> Subject: Restrict access to a particular server.
>>>>
>>>> Hi All, I have two machines with Red Hat Linux 5.2 installed, of
>>>> which one is a database server running Oracle 10.0.4 on it. I need
>>>> an iptables rule which would make sure that only the other machine
>>>> would have access to it.
>>>>
>>>> For eg: If I have two machines, machine A and machine B, of which
>>>> machine B is a database server, can I set up an iptables rule on
>>>> machine B which would allow access to the database only by machine A?
>>>>
>>>> Please help.
>>>>
>>>> Thanks!
>>>> Rohit Khaladkar
>>>> --
>>>> redhat-list mailing list
>>>> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
>>>> https://www.redhat.com/mailman/listinfo/redhat-list
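The rule set the thread converges on (default-DROP INPUT, one ACCEPT for machine A on 1521), filled out with the pieces the one-liners leave out: loopback, ESTABLISHED/RELATED replies, an ssh allow so the admin is not locked out, a LOG of refused 1521 attempts, and the policy flip done last. This is an added example, not code from any of the posters; the addresses 192.0.2.10 (machine A) and 192.0.2.0/24 (admin hosts) are constructed placeholders, and setting IPT=echo previews the commands without root.

```shell
#!/bin/sh
# Added example (not from the thread): confine Oracle's listener, TCP 1521,
# to one client host under a default-DROP INPUT policy, without cutting off
# loopback, reply traffic, or the ssh session the rules are loaded from.
# 192.0.2.10 (machine A) and 192.0.2.0/24 (admin hosts) are constructed values.

DB_CLIENT="${DB_CLIENT:-192.0.2.10}"    # machine A: only host allowed to reach Oracle
ADMIN_NET="${ADMIN_NET:-192.0.2.0/24}"  # where ssh logins are allowed from
IPT="${IPT:-iptables}"                  # IPT=echo prints the commands instead

# Emit the rule arguments, one iptables invocation per line, in load order.
# Accepts come before the catch-all DROP, and the policy is flipped last so
# an ssh session doing the loading is already covered by the ESTABLISHED rule.
gen_rules() {
    cat <<EOF
-F INPUT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s $DB_CLIENT -p tcp --dport 1521 -j ACCEPT
-A INPUT -s $ADMIN_NET -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 1521 -j LOG --log-prefix ORA1521_DENY:
-A INPUT -j DROP
-P INPUT DROP
EOF
}

# Feed each line to iptables (or to echo, for a dry run); stop on the first failure.
apply_rules() {
    gen_rules | while read -r rule; do
        # shellcheck disable=SC2086  # word splitting on $rule is intended
        $IPT $rule || { echo "failed: $IPT $rule" >&2; exit 1; }
    done
}

# Number of rules that mention the Oracle port (the ACCEPT and the LOG), as a sanity check.
oracle_rule_count() {
    gen_rules | grep -c -- '--dport 1521'
}
```

Rules added from a remote shell should always be loaded in this order; setting `-P INPUT DROP` before the ESTABLISHED rule exists drops the session you are typing in.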