RE: Need to block port 1521 for all machines except one.

-----Original Message-----
From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Rohit khaladkar
Sent: Monday, April 06, 2009 10:39 AM
To: General Red Hat Linux discussion list
Subject: Re: Need to block port 1521 for all machines except one.

Hi! You found that right. There were other iptables rules that were
conflicting. The following commands worked.

iptables -A INPUT -s $1 -p tcp --dport 1521 -j ACCEPT
iptables -A INPUT -p tcp --dport 1521 -j DROP


But the problem the command gave me is I can't access the database from the
database server itself.

Is there any way we can modify these commands to work for two machines?


Thanks!
Rohit Khaladkar

On Tue, Mar 31, 2009 at 5:21 PM, Barry Brimer <lists@xxxxxxxxxx> wrote:

>> Hi All, As a security measure, I need to block port 1521 on the database
>> server, which is used by Oracle, for all machines except one. I tried
>> using
>> the following commands to block the port, but for some reason it is not
>> working. Can someone please help me?
>>
>>
>> iptables -A INPUT -s $1 -p tcp --dport 1521 -j ACCEPT
>> iptables -A INPUT -p tcp --dport 1521 -j DROP
>>
>> where $1 is the machine name or ip address of the machine which needs
>> access
>> to the port.
>>
>
> I can't help but notice that you are using -A to append rules at the end of
> your existing INPUT chain.  Are there other firewall rules above these rules
> that would be accepting the traffic before these rules are even hit?
>
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>
--------------------------------------------------------------------
A simple fix would be to
iptables -I INPUT -i lo -j ACCEPT

but really your INPUT chain might have all kinds of stuff messed up - if you post it I can help clean it up.


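Added example (not from any poster in this thread): a small POSIX shell script that prints, in final chain order, the rule set the thread converges on: accept the loopback interface first (so the server can reach its own listener, since locally addressed traffic is routed over `lo` even when the server's external IP is used), then accept each permitted host, then drop everything else on TCP 1521. It uses `-I INPUT <position>` so the rules land at the top of the chain rather than being appended behind earlier ACCEPT rules, which is the ordering problem Barry pointed out. The script only prints the commands for review; it does not call iptables itself, and the host addresses in the usage line are constructed placeholders from the RFC 5737 documentation range.

```shell
#!/bin/sh
# Added example. Emit an ordered iptables rule set that permits TCP 1521
# from the loopback interface and from a list of hosts, and drops the rest.
# Nothing here modifies the firewall: the output is meant to be reviewed
# and then fed to a root shell (e.g. `gen_rules 192.0.2.10 | sh`).

ORACLE_PORT=1521   # Oracle listener port discussed in the thread

# gen_rules HOST...  -> prints one iptables command per line.
# Each rule is inserted at an explicit, increasing position, so the final
# chain order is: lo ACCEPT, one ACCEPT per host, then the DROP.
gen_rules() {
    pos=1
    # Rule 1: loopback first, so connections from the server to itself
    # (sqlplus on the DB host, monitoring agents, etc.) are not dropped.
    printf 'iptables -I INPUT %d -i lo -j ACCEPT\n' "$pos"

    # One ACCEPT per permitted source host; order among hosts is irrelevant.
    for host in "$@"; do
        pos=$((pos + 1))
        printf 'iptables -I INPUT %d -s %s -p tcp --dport %d -j ACCEPT\n' \
            "$pos" "$host" "$ORACLE_PORT"
    done

    # Final rule: drop TCP 1521 from anyone not matched above. Because it
    # sits directly after the ACCEPTs, no earlier rule can shadow it.
    pos=$((pos + 1))
    printf 'iptables -I INPUT %d -p tcp --dport %d -j DROP\n' \
        "$pos" "$ORACLE_PORT"
}

# count_rules HOST... -> number of rules gen_rules would emit
# (always number of hosts + 2: the lo rule and the DROP).
count_rules() {
    gen_rules "$@" | wc -l | tr -d ' '
}

# Usage with two constructed example hosts (192.0.2.x is a documentation range):
gen_rules 192.0.2.10 192.0.2.11
```

Apply the output with `iptables -L INPUT -n --line-numbers` open in a second terminal to confirm the four rules sit at positions 1 to 4, ahead of any pre-existing ACCEPT; if the chain already has a broad ACCEPT above them, that rule, not these, decides who reaches 1521.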