[Linux-cluster] exact iptables command to stop a source from accessing a Linux cluster
sunhux G
sunhux at gmail.com
Fri Sep 18 10:35:23 UTC 2009
I can't even start up iptables as the previous admin hardened it
(but not sure how / where he hardened it)
So despite that I do
service iptables start,
"service iptables status" still show "Firewall is stopped"
Now, can I use /etc/hosts.deny instead ?
Do I need to do "pkill -HUP tcpd" or
"service xinetd restart" - which of the two
commands shd I execute & what's the syntax
in /etc/hosts.deny ?
Thanks
On Fri, Sep 18, 2009 at 11:38 AM, Ian Hayes <cthulhucalling at gmail.com>wrote:
> [root at cthulhu ~]# iptables -L --line-numbers
> Chain INPUT (policy ACCEPT)
> num target prot opt source destination
> 1 DROP all -- 10.5.5.5 anywhere
> 2 DROP all -- 10.5.5.6 anywhere
> 3 DROP all -- 10.5.5.7 anywhere
>
> Find the rule number that matches the one you want to delete. Say you want
> to delete #2 from the INPUT table
>
> [root at cthulhu ~]# iptables -D INPUT 2
> [root at cthulhu ~]# iptables -L --line-numbers
> Chain INPUT (policy ACCEPT)
> num target prot opt source destination
> 1 DROP all -- 10.5.5.5 anywhere
> 2 DROP all -- 10.5.5.7 anywhere
>
>
> Or you can do iptables -F which will basically drop all your iptables. Make
> sure you've saved recently before you do that.
>
>
> On Thu, Sep 17, 2009 at 8:22 PM, sunhux G <sunhux at gmail.com> wrote:
>
>> Thanks Ian.
>>
>> So I issue this command on both cluster nodes and it will also
>> stop access to the virtual cluster address?
>>
>> What's the command to reverse / remove
>> " iptables -A INPUT -s 10.5.5.25 -j DROP " ?
>> Just in case there's a problem, I'll need to reverse.
>>
>> Tks
>> U
>> On Fri, Sep 18, 2009 at 10:36 AM, Ian Hayes <cthulhucalling at gmail.com>wrote:
>>
>>> iptables -A INPUT -s 10.5.5.25 -j DROP
>>>
>>> On Thu, Sep 17, 2009 at 7:33 PM, sunhux G <sunhux at gmail.com> wrote:
>>>
>>>>
>>>> Hi,
>>>>
>>>> I have a RHEL 5.1 cluster that's constantly being accessed by an
>>>> application from a Windows server application via sqlnet (ie Tcp
>>>> port 1521) which caused a specific Oracle accounts to be locked.
>>>>
>>>> The owner of the Windows box does not know why the Filenet
>>>> application is doing this so while she's doing the research which
>>>> configuration in Filenet needs to be fixed to stop this, we need an
>>>> interim measure to block this Windows server's access to the cluster.
>>>>
>>>> Thus I would like to set up iptables / firewall on this Linux box to
>>>> stop the sqlnet access. Can someone provide me some example
>>>> commands / syntax ?
>>>>
>>>> Source IP address : 10.5.5.25 (Windows server)
>>>> Tcp port : 1521
>>>> My Linux boxes IP address : 10.5.5.46 / .47
>>>> My Linux cluster virtual addr : 10.5.5.45
>>>>
>>>> In fact I would like to block on all ports on the Linux cluster to stop
>>>> this Windows server from accessing it. So what's the exact commands
>>>> I should issue on each of the Linux box? Would iptables also block
>>>> the Windows server from accessing the cluster virtual IP addr?
>>>>
>>>>
>>>> Thanks
>>>> U
>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Linux-cluster mailing list
>>>> Linux-cluster at redhat.com
>>>> https://www.redhat.com/mailman/listinfo/linux-cluster
>>>>
>>>
>>>
>>> --
>>> Linux-cluster mailing list
>>> Linux-cluster at redhat.com
>>> https://www.redhat.com/mailman/listinfo/linux-cluster
>>>
>>
>>
>> --
>> Linux-cluster mailing list
>> Linux-cluster at redhat.com
>> https://www.redhat.com/mailman/listinfo/linux-cluster
>>
>
>
> --
> Linux-cluster mailing list
> Linux-cluster at redhat.com
> https://www.redhat.com/mailman/listinfo/linux-cluster
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-cluster/attachments/20090918/21bba89a/attachment.htm>
More information about the Linux-cluster
mailing list