iptables -A INPUT -s <ip address of first machine you want to allow> -p tcp --dport 1521 -j ACCEPT
iptables -A INPUT -s <ip address of second machine you want to allow> -p tcp --dport 1521 -j ACCEPT
<continue as needed>
iptables -A INPUT -p tcp --dport 1521 -j DROP

Quoting Rohit khaladkar <rohit.khaladkar@xxxxxxxxx>:

> Hi! You found that right. There were other iptable rules that were
> conflicting. The following command worked.
>
> iptables -A INPUT -s $1 -p tcp --dport 1521 -j ACCEPT
> iptables -A INPUT -p tcp --dport 1521 -j DROP
>
> But the problem the command gave me is I can't access the database from the
> database server itself.
>
> Is there any way out we can modify this command to work for two machines?
>
> Thanks!
> Rohit Khaladkar
>
> On Tue, Mar 31, 2009 at 5:21 PM, Barry Brimer <lists@xxxxxxxxxx> wrote:
>
> >> Hi All, As a security measure, I need to block port 1521 on the database
> >> server, which is used by Oracle for all machines, except one. I tried
> >> using the following commands to block the port, but for some reason it is
> >> not working. Can someone please help me?
> >>
> >> iptables -A INPUT -s $1 -p tcp --dport 1521 -j ACCEPT
> >> iptables -A INPUT -p tcp --dport 1521 -j DROP
> >>
> >> where $1 is the machine name or IP address of the machine which needs
> >> access to the port.
> >
> > I can't help but notice that you are using -A to append rules at the end of
> > your existing INPUT chain. Are there other firewall rules above these rules
> > that would be accepting the traffic before these rules are even hit?
> >
> > --
> > redhat-list mailing list
> > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> > https://www.redhat.com/mailman/listinfo/redhat-list
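The rule-ordering points in this thread, as an added example that is not part of the original messages: a first-match walk over rules written in the thread's own form, showing why an earlier ACCEPT shadows the appended rules and why the one-source rule set drops the server's own connections. The 192.0.2.x addresses, the pre-existing "-p tcp -j ACCEPT" rule and the function name verdict are constructed for illustration; only -s, -p, --dport and -j are modelled, with exact addresses, and local connections are assumed to arrive from the server's own address.

```bash
#!/usr/bin/env bash
# Added example (not from the thread). Models only -s, -p, --dport and -j.

# verdict RULES SRC [PORT]: print the target of the first rule that matches a
# TCP connection from SRC to PORT (default 1521), or POLICY if none matches.
verdict() {
    local rules="$1" src="$2" port="${3:-1521}"
    local line r_src r_proto r_port r_target
    while IFS= read -r line; do
        r_src= r_proto= r_port= r_target=
        set -- $line                      # split the rule into words
        while [ $# -gt 0 ]; do
            case $1 in
                -s)      r_src=$2;    shift ;;
                -p)      r_proto=$2;  shift ;;
                --dport) r_port=$2;   shift ;;
                -j)      r_target=$2; shift ;;
            esac
            shift
        done
        # A match option that is absent from the rule matches everything.
        [ -z "$r_src" ]   || [ "$r_src" = "$src" ]   || continue
        [ -z "$r_proto" ] || [ "$r_proto" = tcp ]    || continue
        [ -z "$r_port" ]  || [ "$r_port" = "$port" ] || continue
        if [ -n "$r_target" ]; then echo "$r_target"; return 0; fi
    done <<EOF
$rules
EOF
    echo POLICY
}

# Constructed addresses: 192.0.2.10 is the allowed client, 192.0.2.20 the
# database server itself, 192.0.2.99 any other machine.
ONE_SOURCE='iptables -A INPUT -s 192.0.2.10 -p tcp --dport 1521 -j ACCEPT
iptables -A INPUT -p tcp --dport 1521 -j DROP'

TWO_SOURCES='iptables -A INPUT -s 192.0.2.10 -p tcp --dport 1521 -j ACCEPT
iptables -A INPUT -s 192.0.2.20 -p tcp --dport 1521 -j ACCEPT
iptables -A INPUT -p tcp --dport 1521 -j DROP'

# Hypothetical pre-existing rule sitting above the appended ones.
SHADOWED="iptables -A INPUT -p tcp -j ACCEPT
$ONE_SOURCE"

for src in 192.0.2.10 192.0.2.20 192.0.2.99; do
    printf '%-11s one=%s two=%s shadowed=%s\n' "$src" \
        "$(verdict "$ONE_SOURCE" "$src")" "$(verdict "$TWO_SOURCES" "$src")" \
        "$(verdict "$SHADOWED" "$src")"
done
```

On a live host, listing the INPUT chain in order (iptables -S INPUT) shows whether any rule sits above the port 1521 rules.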