Need to block port 1521 for all machines except one.

Barry Brimer lists at brimer.org
Mon Apr 6 15:51:46 UTC 2009


# one ACCEPT per permitted client; all of them must come before the catch-all DROP
iptables -A INPUT -s <ip address of first machine you want to allow> -p tcp --dport 1521 -j ACCEPT
iptables -A INPUT -s <ip address of second machine you want to allow> -p tcp --dport 1521 -j ACCEPT
<continue as needed>
iptables -A INPUT -p tcp --dport 1521 -j DROP

Quoting Rohit khaladkar <rohit.khaladkar at gmail.com>:

> Hi! You found that right. There were other iptables rules that were
> conflicting. The following commands worked.
>
> iptables -A INPUT -s $1 -p tcp --dport 1521 -j ACCEPT
> iptables -A INPUT -p tcp --dport 1521 -j DROP
>
>
> But the problem the command gave me is I can't access the database from the
> database server itself.
>
> Is there any way we can modify these commands to work for two machines?
>
>
> Thanks!
> Rohit Khaladkar
>
> On Tue, Mar 31, 2009 at 5:21 PM, Barry Brimer <lists at brimer.org> wrote:
>
> >> Hi All, As a security measure, I need to block port 1521 on the database
> >> server, which is used by Oracle, for all machines except one. I tried
> >> using the following commands to block the port, but for some reason it is
> >> not working. Can someone please help me.
> >>
> >>
> >> iptables -A INPUT -s $1 -p tcp --dport 1521 -j ACCEPT
> >> iptables -A INPUT -p tcp --dport 1521 -j DROP
> >>
> >> where $1 is the machine name or IP address of the machine which needs
> >> access to the port.
> >>
> >
> > I can't help but notice that you are using -A to append rules at the end of
> > your existing INPUT chain.  Are there other firewall rules above these
> > rules that would be accepting the traffic before these rules are even hit?
> >
> >
> > --
> > redhat-list mailing list
> > unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> > https://www.redhat.com/mailman/listinfo/redhat-list
> >
>
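The two points raised in the thread, rule ordering (appending with -A lands the rules after whatever ACCEPT is already in INPUT) and the server not being able to reach its own listener once the DROP is in place, can both be handled in one place. The script below is an added example written for this page, not Barry's or Rohit's code, and not part of the original post. It puts the port-1521 policy in its own chain, accepts connections arriving on the loopback interface (which is where the server's connections to 127.0.0.1 or to its own address land, the case Rohit ran into), accepts the listed clients, drops the rest, and inserts the jump at the top of INPUT so nothing above it can match first. The client addresses 192.0.2.x and the chain name ORACLE_1521 are constructed placeholders; use IP addresses rather than machine names in -s, since iptables resolves a hostname only once, when the rule is loaded.

```shell
#!/bin/sh
# Added example, not code from the thread. Generate (and optionally apply)
# iptables rules that let only the listed client hosts plus the DB server
# itself reach TCP/1521, dropping everything else on that port, without
# depending on what is already in INPUT.
#
# Constructed sample values: 192.0.2.x are documentation addresses and
# ORACLE_1521 is an arbitrary chain name chosen here.
ALLOWED_CLIENTS="${ALLOWED_CLIENTS:-192.0.2.10 192.0.2.11}"
DB_PORT="${DB_PORT:-1521}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the commands only; 0 = run them (needs root)

# Print the rules, one command per line, in the order they must be applied.
# Usage: gen_rules PORT CLIENT_IP...
gen_rules() {
    port=$1; shift
    chain="ORACLE_$port"
    # Create the chain, or flush it if it already exists, so re-running is safe.
    echo "iptables -N $chain 2>/dev/null || iptables -F $chain"
    # Traffic the server sends to its own address (127.0.0.1 or its real IP)
    # arrives on the loopback interface, so one rule covers sqlplus/listener
    # connections made from the DB host itself.
    echo "iptables -A $chain -i lo -j ACCEPT"
    for host in "$@"; do
        echo "iptables -A $chain -s $host -j ACCEPT"
    done
    # Everything else on the port is dropped inside the chain.
    echo "iptables -A $chain -j DROP"
    # Insert the jump at position 1 of INPUT rather than appending it, so an
    # earlier blanket ACCEPT cannot match the traffic before these rules do.
    echo "iptables -I INPUT 1 -p tcp --dport $port -j $chain"
}

# Either show the commands (DRY_RUN=1) or execute them, stopping on first error.
apply_rules() {
    if [ "$DRY_RUN" = "1" ]; then
        cat
    else
        sh -e
    fi
}

# Check the result: rule 1 of INPUT should be the jump, and the per-rule
# packet counters show which ACCEPT or DROP is actually matching.
# Usage: show_rules PORT
show_rules() {
    iptables -L INPUT -n -v --line-numbers
    iptables -L "ORACLE_$1" -n -v
}

# $ALLOWED_CLIENTS is unquoted on purpose so each address becomes one argument.
gen_rules "$DB_PORT" $ALLOWED_CLIENTS | apply_rules
```

Run it once with the default DRY_RUN=1 to review the commands, then as root with DRY_RUN=0 to load them; `show_rules 1521` afterwards confirms the jump is rule 1 of INPUT and, after a test connection from an allowed and a disallowed host, the counters on the ACCEPT and DROP lines show which rule each connection hit. On Red Hat systems the loaded rules are lost at reboot unless saved with `service iptables save`.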