<div> </div>
<div>
<div>I can't even start up iptables as the previous admin hardened it</div>
<div>(but not sure how / where he hardened it)</div>
<div> </div>
<div>So despite that I do</div>
<div>service iptables start,</div>
<div>"service iptables status" still show "Firewall is stopped"</div>
<div> </div>
<div>Now, can I use /etc/hosts.deny instead ?</div>
<div>Do I need to do "pkill -HUP tcpd" or </div>
<div>"service xinetd restart" - which of the two</div>
<div>commands shd I execute & what's the syntax</div>
<div>in /etc/hosts.deny ?</div>
<div> </div>
<div>Thanks<br><br></div></div>
<div class="gmail_quote">On Fri, Sep 18, 2009 at 11:38 AM, Ian Hayes <span dir="ltr"><<a href="mailto:cthulhucalling@gmail.com">cthulhucalling@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">[root@cthulhu ~]# iptables -L --line-numbers<br>Chain INPUT (policy ACCEPT)<br>num target prot opt source destination<br>
1 DROP all -- 10.5.5.5 anywhere<br>2 DROP all -- 10.5.5.6 anywhere<br>3 DROP all -- 10.5.5.7 anywhere<br><br>Find the rule number that matches the one you want to delete. Say you want to delete #2 from the INPUT table<br>
<br>[root@cthulhu ~]# iptables -D INPUT 2<br>[root@cthulhu ~]# iptables -L --line-numbers<br>Chain INPUT (policy ACCEPT)<br>num target prot opt source destination<br>1 DROP all -- 10.5.5.5 anywhere<br>
2 DROP all -- 10.5.5.7 anywhere<br><br><br>Or you can do iptables -F which will basically drop all your iptables. Make sure you've saved recently before you do that.
<div>
<div></div>
<div class="h5"><br><br>
<div class="gmail_quote">On Thu, Sep 17, 2009 at 8:22 PM, sunhux G <span dir="ltr"><<a href="mailto:sunhux@gmail.com" target="_blank">sunhux@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0pt 0pt 0pt 0.8ex; BORDER-LEFT: rgb(204,204,204) 1px solid">
<div>Thanks Ian.</div>
<div> </div>
<div>So I issue this command on both cluster nodes and it will also</div>
<div>stop access to the virtual cluster address?</div>
<div> </div>
<div>What's the command to reverse / remove <br>" iptables -A INPUT -s 10.5.5.25 -j DROP " ?</div>
<div>Just in case there's a problem, I'll need to reverse.</div>
<div> </div>
<div>Tks</div>
<div>U<br></div>
<div>
<div></div>
<div>
<div class="gmail_quote">On Fri, Sep 18, 2009 at 10:36 AM, Ian Hayes <span dir="ltr"><<a href="mailto:cthulhucalling@gmail.com" target="_blank">cthulhucalling@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: rgb(204,204,204) 1px solid">iptables -A INPUT -s 10.5.5.25 -j DROP<br><br>
<div class="gmail_quote">
<div>
<div></div>
<div>On Thu, Sep 17, 2009 at 7:33 PM, sunhux G <span dir="ltr"><<a href="mailto:sunhux@gmail.com" target="_blank">sunhux@gmail.com</a>></span> wrote:<br></div></div>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0pt 0pt 0pt 0.8ex; BORDER-LEFT: rgb(204,204,204) 1px solid">
<div>
<div></div>
<div>
<div> </div>
<div>
<div>Hi,</div>
<div> </div>
<div>I have a RHEL 5.1 cluster that's constantly being accessed by an</div>
<div>application from a Windows server application via sqlnet (ie Tcp</div>
<div>port 1521) which caused a specific Oracle accounts to be locked.</div>
<div> </div>
<div>The owner of the Windows box does not know why the Filenet</div>
<div>application is doing this so while she's doing the research which</div>
<div>configuration in Filenet needs to be fixed to stop this, we need an</div>
<div>interim measure to block this Windows server's access to the cluster.</div>
<div> </div>
<div>Thus I would like to set up iptables / firewall on this Linux box to</div>
<div>stop the sqlnet access. Can someone provide me some example</div>
<div>commands / syntax ?</div>
<div> </div>
<div>Source IP address : 10.5.5.25 (Windows server)</div>
<div>Tcp port : 1521</div>
<div>My Linux boxes IP address : 10.5.5.46 / .47</div>
<div>My Linux cluster virtual addr : 10.5.5.45</div>
<div> </div>
<div>In fact I would like to block on all ports on the Linux cluster to stop</div>
<div>this Windows server from accessing it. So what's the exact commands</div>
<div>I should issue on each of the Linux box? Would iptables also block</div>
<div>the Windows server from accessing the cluster virtual IP addr?</div>
<div> </div>
<div> </div>
<div>Thanks</div>
<div>U</div></div>
<div> </div>
<div><br> </div><br></div></div>--<br>Linux-cluster mailing list<br><a href="mailto:Linux-cluster@redhat.com" target="_blank">Linux-cluster@redhat.com</a><br><a href="https://www.redhat.com/mailman/listinfo/linux-cluster" target="_blank">https://www.redhat.com/mailman/listinfo/linux-cluster</a><br>
</blockquote></div><br><br>--<br>Linux-cluster mailing list<br><a href="mailto:Linux-cluster@redhat.com" target="_blank">Linux-cluster@redhat.com</a><br><a href="https://www.redhat.com/mailman/listinfo/linux-cluster" target="_blank">https://www.redhat.com/mailman/listinfo/linux-cluster</a><br>
</blockquote></div><br></div></div><br>--<br>Linux-cluster mailing list<br><a href="mailto:Linux-cluster@redhat.com" target="_blank">Linux-cluster@redhat.com</a><br><a href="https://www.redhat.com/mailman/listinfo/linux-cluster" target="_blank">https://www.redhat.com/mailman/listinfo/linux-cluster</a><br>
</blockquote></div><br></div></div><br>--<br>Linux-cluster mailing list<br><a href="mailto:Linux-cluster@redhat.com">Linux-cluster@redhat.com</a><br><a href="https://www.redhat.com/mailman/listinfo/linux-cluster" target="_blank">https://www.redhat.com/mailman/listinfo/linux-cluster</a><br>
</blockquote></div><br>