Summary: [Linux-cluster] exact iptables command to stop a source from accessing a Linux cluster

sunhux G sunhux at gmail.com
Fri Sep 18 12:03:09 UTC 2009


Thanks All/Raj. OK, I missed something, so
the following works:

# chkconfig iptables on
# /sbin/iptables -I RH-Firewall-1-INPUT -s 10.5.5.25 -j DROP
# /sbin/service iptables save   <== this will create /etc/sysconfig/iptables
# service iptables restart


Thanks


On Fri, Sep 18, 2009 at 6:46 PM, Rajveer Singh <torajveersingh at gmail.com> wrote:

> Dear sunHux,
>
> iptables stores rules in the /etc/sysconfig/iptables file by default. So if you
> don't have any rules in this file and try to start the iptables service using
> "service iptables start", you will see the output of "service iptables status"
> as "Firewall is stopped".
>
> So it's not an issue and you can put in any iptables rules.
>
> Re,
> Raj
>
> On Fri, Sep 18, 2009 at 4:05 PM, sunhux G <sunhux at gmail.com> wrote:
>
>>
>> I can't even start up iptables as the previous admin hardened it
>> (but I'm not sure how / where he hardened it).
>>
>> So despite my doing
>> "service iptables start",
>> "service iptables status" still shows "Firewall is stopped".
>>
>> Now, can I use /etc/hosts.deny instead?
>> Do I need to do "pkill -HUP tcpd" or
>> "service xinetd restart"? Which of the two
>> commands should I execute, and what's the syntax
>> in /etc/hosts.deny?
>>
>> Thanks
>>
>> On Fri, Sep 18, 2009 at 11:38 AM, Ian Hayes <cthulhucalling at gmail.com> wrote:
>>
>>> [root at cthulhu ~]# iptables -L --line-numbers
>>> Chain INPUT (policy ACCEPT)
>>> num  target     prot opt source               destination
>>> 1    DROP       all  --  10.5.5.5             anywhere
>>> 2    DROP       all  --  10.5.5.6             anywhere
>>> 3    DROP       all  --  10.5.5.7             anywhere
>>>
>>> Find the rule number that matches the one you want to delete. Say you
>>> want to delete #2 from the INPUT table.
>>>
>>> [root at cthulhu ~]# iptables -D INPUT 2
>>> [root at cthulhu ~]# iptables -L --line-numbers
>>> Chain INPUT (policy ACCEPT)
>>> num  target     prot opt source               destination
>>> 1    DROP       all  --  10.5.5.5             anywhere
>>> 2    DROP       all  --  10.5.5.7             anywhere
>>>
>>>
>>> Or you can do iptables -F which will basically drop all your iptables.
>>> Make sure you've saved recently before you do that.
>>>
>>>
>>> On Thu, Sep 17, 2009 at 8:22 PM, sunhux G <sunhux at gmail.com> wrote:
>>>
>>>> Thanks Ian.
>>>>
>>>> So I issue this command on both cluster nodes and it will also
>>>> stop access to the virtual cluster address?
>>>>
>>>> What's the command to reverse / remove
>>>> " iptables -A INPUT -s 10.5.5.25 -j DROP " ?
>>>> Just in case there's a problem, I'll need to reverse.
>>>>
>>>> Tks
>>>> U
>>>> On Fri, Sep 18, 2009 at 10:36 AM, Ian Hayes <cthulhucalling at gmail.com> wrote:
>>>>
>>>>> iptables -A INPUT -s 10.5.5.25 -j DROP
>>>>>
>>>>> On Thu, Sep 17, 2009 at 7:33 PM, sunhux G <sunhux at gmail.com> wrote:
>>>>>
>>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> I have a RHEL 5.1 cluster that's constantly being accessed by an
>>>>>> application on a Windows server via sqlnet (i.e. TCP
>>>>>> port 1521), which caused a specific Oracle account to be locked.
>>>>>>
>>>>>> The owner of the Windows box does not know why the Filenet
>>>>>> application is doing this, so while she's researching which
>>>>>> configuration in Filenet needs to be fixed to stop this, we need an
>>>>>> interim measure to block this Windows server's access to the cluster.
>>>>>>
>>>>>> Thus I would like to set up iptables / a firewall on this Linux box to
>>>>>> stop the sqlnet access. Can someone provide me some example
>>>>>> commands / syntax?
>>>>>>
>>>>>> Source IP address : 10.5.5.25   (Windows server)
>>>>>> TCP port : 1521
>>>>>> My Linux boxes' IP addresses :  10.5.5.46 / .47
>>>>>> My Linux cluster virtual addr : 10.5.5.45
>>>>>>
>>>>>> In fact I would like to block all ports on the Linux cluster to stop
>>>>>> this Windows server from accessing it. So what are the exact commands
>>>>>> I should issue on each of the Linux boxes? Would iptables also block
>>>>>> the Windows server from accessing the cluster virtual IP addr?
>>>>>>
>>>>>>
>>>>>> Thanks
>>>>>> U
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Linux-cluster mailing list
>>>>>> Linux-cluster at redhat.com
>>>>>> https://www.redhat.com/mailman/listinfo/linux-cluster
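An added example, not code from the thread, that wraps the steps above into reusable functions for one RHEL 5 node: validate the address, insert the DROP only if it is not already present, and find the rule numbers to delete the way Ian's `--line-numbers` listing does. Since the rule carries no `-d`, it also matches traffic to the cluster virtual address while that node holds it; the chain name and the sample listing are assumptions, and `demo()` runs the parser on constructed text rather than a live firewall.

```shell
#!/bin/sh
# Added example (not from the thread): block/unblock one source on a RHEL 5
# node and recover rule numbers from "iptables -L <chain> -n --line-numbers".
# Chain name is an assumption; sunhux's working command used this chain.
CHAIN="${CHAIN:-RH-Firewall-1-INPUT}"

# Reject anything that is not a dotted-quad IPv4 address.
valid_ipv4() {
  echo "$1" | awk -F. 'NF == 4 { for (i = 1; i <= 4; i++)
      if ($i !~ /^[0-9]+$/ || $i > 255) exit 1; exit 0 } { exit 1 }'
}

# Read a "-L <chain> -n --line-numbers" listing on stdin and print the number
# of every DROP rule whose source column is $2, highest first so the numbers
# stay valid while the rules are deleted one at a time.
rule_numbers_for_source() {
  awk -v chain="$1" -v src="$2" '
    /^Chain / { in_chain = ($2 == chain); next }
    in_chain && $1 ~ /^[0-9]+$/ && $2 == "DROP" && $5 == src { print $1 }
  ' | sort -rn
}

block_source() {
  valid_ipv4 "$1" || { echo "bad address: $1" >&2; return 1; }
  # Skip the insert if an identical DROP is already present (no duplicates).
  if [ -n "$(iptables -L "$CHAIN" -n --line-numbers | rule_numbers_for_source "$CHAIN" "$1")" ]; then
    echo "already blocked: $1"; return 0
  fi
  # Position 1 puts the DROP ahead of the ESTABLISHED,RELATED accept, so
  # connections already open from that source are cut off as well.
  iptables -I "$CHAIN" 1 -s "$1" -j DROP && service iptables save
}

unblock_source() {
  for n in $(iptables -L "$CHAIN" -n --line-numbers | rule_numbers_for_source "$CHAIN" "$1"); do
    iptables -D "$CHAIN" "$n"
  done
  service iptables save
}

# Constructed listing (not real output) so the parser can be exercised
# without touching a live firewall; demo prints the numbers to delete.
SAMPLE_LISTING='Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    DROP       all  --  10.5.5.5             0.0.0.0/0
2    DROP       all  --  10.5.5.25            0.0.0.0/0
3    DROP       all  --  10.5.5.7             0.0.0.0/0
4    DROP       all  --  10.5.5.25            0.0.0.0/0'
demo() { printf '%s\n' "$SAMPLE_LISTING" | rule_numbers_for_source INPUT 10.5.5.25 | tr '\n' ' '; }
```

Source the file on each node and call `block_source 10.5.5.25` or `unblock_source 10.5.5.25`. On the stock RHEL 5 ruleset INPUT's first rule jumps into RH-Firewall-1-INPUT, which ends in a REJECT, so a rule appended to INPUT with `-A` is never reached, which is why inserting at the top of the RH chain as in the final message works.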