Restrict access to a particular server.

Stephen Gilbert linuxelf at gmail.com
Mon Oct 20 10:15:58 UTC 2008


You can either set your default policy to drop

iptables -P INPUT DROP

This would drop all packets from all servers by default.  Then the

iptables -A INPUT -s machine_A -p tcp --dport 1521 -j ACCEPT

would accept only packets from machine_A into Oracle.

You may want to add a few more ports, such as 22 for ssh access.

Alternately, you could add

iptables -A INPUT -s machine_A -p tcp --dport 1521 -j ACCEPT
iptables -A INPUT -p tcp --dport 1521 -j DROP

Basically, this says machine A can hit 1521, but anyone else that
tries, just drop the packet.

Rohit khaladkar wrote:
> Thanks Geoff!! This would definitely help. So can there be a master
> rule which would prevent all IP addresses except one (machine A)?
> Thanks!
> Rohit
>
> On Mon, Oct 20, 2008 at 2:07 PM, Geofrey Rainey
> <Geofrey.Rainey at tvnz.co.nz>wrote:
>
>   
>> You want something like this:
>>
>> iptables -A INPUT -s machine_A -p tcp --dport 1521 -j ACCEPT
>>
>> This rule means allow access to port 1521 from IP machine_A.
>> Of course this rule alone will not prevent all-and-sundry from
>> connecting to the server on any port, so you'll need to add
>> many more rules to secure your server.
>>
>> Regards,
>> Geoff.
>>
>> -----Original Message-----
>> From: redhat-list-bounces at redhat.com
>> [mailto:redhat-list-bounces at redhat.com] On Behalf Of Rohit khaladkar
>> Sent: Monday, 20 October 2008 8:10 p.m.
>> To: General Red Hat Linux discussion list
>> Subject: Restrict access to a particular server.
>>
>> Hi All, I have two machines with Red Hat Linux 5.2 installed of which one
>> is a database server running Oracle 10.0.4 on it. I need an iptables rule
>> which would make sure that only the other machine would have access to
>> it.
>>
>> For eg : If I have two machines, machine A and machine B, of which
>> machine B is a database server, can I set up an iptables rule on machine B
>> , which would allow access to the database only by machine A.
>>
>> Please help.
>>
>> Thanks!
>> Rohit Khaladkar
>> --
>> redhat-list mailing list
>> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
>> https://www.redhat.com/mailman/listinfo/redhat-list
>>
>>     
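The two approaches above (default-DROP policy, or an explicit ACCEPT followed by a DROP for port 1521) as a complete, loadable ruleset. This is an added example, not code from the thread: it generates an iptables-restore(8) file for the database host that admits TCP 1521 only from machine A and ssh only from one admin host, and it adds the two rules the thread does not mention that a default-DROP INPUT chain needs to stay usable (loopback, and ESTABLISHED,RELATED for replies to the server's own outbound connections). The addresses 10.0.0.5 (machine A) and 10.0.0.9 (admin host) are assumed placeholders, as is the script name oracle-fw.sh.

```shell
#!/bin/sh
# Added example (not from the redhat-list thread): build an iptables ruleset
# that lets only one client reach the Oracle listener on TCP 1521.
# Assumed/illustrative values: 10.0.0.5 = machine A, 10.0.0.9 = admin host.

# valid_ipv4 ADDR: true if ADDR is a plain dotted-quad IPv4 address.
# CIDR ranges are deliberately rejected here; a single host is the point.
valid_ipv4() {
    addr="$1"
    oldifs="$IFS"
    IFS=.
    set -- $addr
    IFS="$oldifs"
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# gen_rules CLIENT_IP ADMIN_IP: print the ruleset in iptables-restore format.
# Both addresses are validated first: with an empty CLIENT_IP the "-s" rule
# would expand to "-s  -p tcp ..." and silently match every source, which
# is the opposite of what the thread is trying to achieve.
gen_rules() {
    client="$1"
    admin="$2"
    valid_ipv4 "$client" && valid_ipv4 "$admin" || return 1
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback: Oracle's own local connections (sqlplus on the box, etc.) use it
-A INPUT -i lo -j ACCEPT
# replies to connections this host initiated; without this a default-DROP
# INPUT chain breaks every outbound connection (yum, DNS, NTP, ...)
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# the rule the thread is about: only machine A may open a listener connection
-A INPUT -s ${client} -p tcp --dport 1521 -m state --state NEW -j ACCEPT
# administrative ssh, also pinned to a single source so you are not locked out
-A INPUT -s ${admin} -p tcp --dport 22 -m state --state NEW -j ACCEPT
# everything else falls through to the INPUT policy (DROP)
COMMIT
EOF
}

# apply_rules CLIENT_IP ADMIN_IP: load the ruleset atomically (needs root).
# On RHEL 5, run "service iptables save" afterwards so the rules are written
# to /etc/sysconfig/iptables and survive a reboot.
apply_rules() {
    gen_rules "$1" "$2" | iptables-restore
}

# Usage: sh oracle-fw.sh CLIENT_IP ADMIN_IP [--apply]
# Without --apply the ruleset is only printed for review.
if [ "$#" -ge 2 ]; then
    if [ "$3" = "--apply" ]; then
        apply_rules "$1" "$2"
    else
        gen_rules "$1" "$2"
    fi
fi
```

Review the printed output (sh oracle-fw.sh 10.0.0.5 10.0.0.9) before loading it with --apply, and do the first load from a console session rather than over ssh: if the admin address is wrong, the ESTABLISHED,RELATED rule keeps the current ssh session alive, but a new one will not get through.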