Restrict access to a particular server.

Ryan Golhar golharam at umdnj.edu
Mon Oct 20 13:58:28 UTC 2008


Why not use hosts.allow/hosts.deny from xinetd? I allow port 22 access 
via iptables, but use xinetd to restrict access by host. The reason for 
this is there seems to be a lot of spoofing attempts.

Rohit khaladkar wrote:
> Great! This helps!! Thanks a lot!!
> Rohit
> 
> On Mon, Oct 20, 2008 at 3:45 PM, Stephen Gilbert <linuxelf at gmail.com> wrote:
> 
>> You can either set your default policy to drop
>>
>> iptables -P INPUT DROP
>>
>> This would drop all packets from all servers by default.  Then the
>>
>> iptables -A INPUT -s machine_A -p tcp --dport 1521 -j ACCEPT
>>
>> would accept only packets from machine_A into Oracle.
>>
>> You may want to add a few more ports, such as 22 for ssh access.
>>
>> Alternately, you could add
>>
>> iptables -A INPUT -s machine_A -p tcp --dport 1521 -j ACCEPT
>> iptables -A INPUT -p tcp --dport 1521 -j DROP
>>
>> Basically, this says machine A can hit 1521, but anyone else that
>> tries, just drop the packet.
>>
>> Rohit khaladkar wrote:
>>> Thanks Geoff!! This would definitely help. So can there be a master
>>> rule on the which would prevent all IP addresses except one (machine A)?
>>> Thanks!
>>> Rohit
>>>
>>> On Mon, Oct 20, 2008 at 2:07 PM, Geofrey Rainey <Geofrey.Rainey at tvnz.co.nz> wrote:
>>>
>>>
>>>> You want something like this:
>>>>
>>>> iptables -A INPUT -s machine_A -p tcp --dport 1521 -j ACCEPT
>>>>
>>>> This rule means allow access to port 1521 from IP machine_A.
>>>> Of course this rule alone will not prevent all-and-sundry from
>>>> connecting to the server on any port, so you'll need to add
>>>> many more rules to secure your server.
>>>>
>>>> Regards,
>>>> Geoff.
>>>>
>>>> -----Original Message-----
>>>> From: redhat-list-bounces at redhat.com
>>>> [mailto:redhat-list-bounces at redhat.com] On Behalf Of Rohit khaladkar
>>>> Sent: Monday, 20 October 2008 8:10 p.m.
>>>> To: General Red Hat Linux discussion list
>>>> Subject: Restrict access to a particular server.
>>>>
>>>> Hi All, I have two machines with Red Hat Linux 5.2 installed, of which one
>>>> is a database server running Oracle 10.0.4 on it. I need an iptables rule
>>>> which would make sure that only the other machine would have access to
>>>> it.
>>>>
>>>> For eg: If I have two machines, machine A and machine B, of which
>>>> machine B is a database server, can I set up an iptables rule on machine B
>>>> which would allow access to the database only by machine A?
>>>>
>>>> Please help.
>>>>
>>>> Thanks!
>>>> Rohit Khaladkar
>>>> --
>>>> redhat-list mailing list
>>>> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
>>>> https://www.redhat.com/mailman/listinfo/redhat-list
>>>>
>>

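The default-DROP approach in the thread works, but applied literally it also drops the loopback interface and the return packets of the database host's own outbound connections, and leaves the admin without SSH. The script below is an added example (not from any message in this thread) that generates a reviewable ruleset covering those cases; the client address 192.0.2.10 and admin network 192.0.2.0/24 are constructed placeholders.

```shell
#!/bin/sh
# Generate (but do not apply) an INPUT ruleset that lets only the
# application server reach the Oracle listener on 1521, keeps SSH
# reachable from the admin network, and drops everything else.
# Review the output first, then pipe it to sh on the database host.
set -eu

# Small IPv4 sanity check so a typo does not go unnoticed until apply time.
is_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
}

# oracle_ruleset CLIENT_IP ADMIN_NET  -> prints the iptables commands
oracle_ruleset() {
    client="$1"; admin="$2"
    is_ipv4 "$client" || { echo "bad client address: $client" >&2; return 1; }
    is_ipv4 "$admin"  || { echo "bad admin network: $admin" >&2; return 1; }
    cat <<EOF
iptables -F INPUT
iptables -P INPUT DROP
# loopback: local services (including the listener talking to itself) must keep working
iptables -A INPUT -i lo -j ACCEPT
# replies to connections this host opened, and packets of sessions already accepted
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# only the application server may open new connections to the Oracle listener
iptables -A INPUT -s $client -p tcp --dport 1521 -m state --state NEW -j ACCEPT
# SSH for administration, limited to the admin network
iptables -A INPUT -s $admin -p tcp --dport 22 -m state --state NEW -j ACCEPT
# log what the policy is about to drop, rate-limited so the log is not flooded
iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "INPUT-DROP: "
EOF
}

# Constructed placeholder addresses; pass real ones as arguments.
oracle_ruleset "${1:-192.0.2.10}" "${2:-192.0.2.0/24}"
```

Because the policy is set to DROP after the flush, run this from a console or with a scheduled `iptables -F INPUT; iptables -P INPUT ACCEPT` fallback in case a rule is wrong.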
