-----Original Message----- From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Rohit khaladkar Sent: Monday, April 06, 2009 10:39 AM To: General Red Hat Linux discussion list Subject: Re: Need to block port 1521 for all machines except one. Hi!You found that right. There were other iptable rules that were conflicting. The following command worked. iptables -A INPUT -s $1 -p tcp --dport 1521 -j ACCEPT iptables -A INPUT -p tcp --dport 1521 -j DROP But the problem the command gave me is I can't access the database from the database server itself. Is there any way out we can modify this command to work for two machines. Thanks! Rohit Khaladkar On Tue, Mar 31, 2009 at 5:21 PM, Barry Brimer <lists@xxxxxxxxxx> wrote: > Hi All,As a security measure, I need to block port 1521on the database >> server , which is used by Oracle for all machines, except one.I tried >> using >> the following commands to block the port, but for some reason it is not >> working.Can someone please help me. >> >> >> iptables -A INPUT -s $1 -p tcp --dport 1521 -j ACCEPT >> iptables -A INPUT -p tcp --dport 1521 -j DROP >> >> where $1 is the machine name or ip address of the machine which needs >> access >> to the port. >> > > I can't help but notice that you are using -A to append rules at the end of > your existing INPUT chain. Are there other firewall rules above these rules > that would be accepting the traffic before these rules are even hit? > > > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > https://www.redhat.com/mailman/listinfo/redhat-list > -------------------------------------------------------------------- A simple fix would be to iptables -I INPUT -I lo -j ACCEPT but really your INPUT chain might have all kinds of stuff messed up - if you post it I can help clean it up. -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
