Thursday, March 6, 2008

Iptables as Linux main Firewall

Some of us may already be familiar with this tool (iptables) as a firewall. Here is the iptables script that I always use on my servers.

I always set the default policy to DROP every packet, and then allow only the ports that I'm using.

Here is an example of the iptables script on my Oracle database server (listening on port 8550):


#!/bin/bash

# Zero the counters and flush every chain in all three tables
iptables -Z
iptables -F -t filter
iptables -F -t nat
iptables -F -t mangle

# Default policy: drop everything inbound or forwarded, allow everything outbound.
# If the script aborts between here and the ESTABLISHED,RELATED rule below,
# a remote SSH session it was started from is cut off, so run it from the console
# or with a fallback (e.g. a scheduled flush) the first time.
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

# Allow ICMP (ping) for testing reasons
iptables -A INPUT -s 0/0 -d 0/0 -p icmp -j ACCEPT

# For localhost (matching on the loopback interface with -i lo is the usual form)
iptables -A INPUT -s 127.0.0.1 -d 0/0 -j ACCEPT

# For the Oracle DB listener on port 8550, reachable from the client 2.2.2.1 only
iptables -A INPUT -s 2.2.2.1 -d 2.2.2.2 -p tcp --dport 8550 -j ACCEPT

# For any established or related connection (e.g. FTP data channels)
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

You can change this script as you need.
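As an added check that is not part of the original post: this Python script reads iptables-save output and verifies the default-deny posture described above, reporting the INPUT/FORWARD policies, the (protocol, port) pairs the host actually exposes, and any ACCEPT rule in INPUT that is not scoped by interface, port or connection state. The iptables-save text embedded below is constructed to match the script above; on a real host you would feed it the output of iptables-save instead.

```python
import shlex
# Constructed iptables-save output for the script above (not captured from a
# real host); iptables-save omits the match-anything "-s 0/0 -d 0/0" options.
SAMPLE_SAVE = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p icmp -j ACCEPT
-A INPUT -s 127.0.0.1/32 -j ACCEPT
-A INPUT -s 2.2.2.1/32 -d 2.2.2.2/32 -p tcp -m tcp --dport 8550 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
"""

def parse_filter(text):
    """Return ({chain: policy}, [rule dicts keyed by option name: s, d, p, dport, ...])."""
    policies, rules, in_filter = {}, [], False
    for line in text.splitlines():
        if line.startswith("*"):                  # table header, e.g. "*filter"
            in_filter = line.strip() == "*filter"
        elif in_filter and line.startswith(":"):  # ":CHAIN POLICY [pkts:bytes]"
            chain, policy = line[1:].split()[:2]
            policies[chain] = policy
        elif in_filter and line.startswith("-A "):
            argv = shlex.split(line)
            rule = {"chain": argv[1]}
            for i in range(2, len(argv) - 1):     # pair each option with its value
                if argv[i].startswith("-") and not argv[i + 1].startswith("-"):
                    rule[argv[i].lstrip("-")] = argv[i + 1]
            rules.append(rule)
    return policies, rules

def open_ports(rules):
    """(protocol, port) pairs that INPUT accepts, i.e. what the host exposes."""
    return {(r["p"], r["dport"]) for r in rules
            if r["chain"] == "INPUT" and r.get("j") == "ACCEPT" and "dport" in r}

def audit(policies, rules):
    """Default-deny check: INPUT/FORWARD policy DROP and every INPUT ACCEPT scoped."""
    findings = [f"{c} policy is {policies.get(c)}, expected DROP"
                for c in ("INPUT", "FORWARD") if policies.get(c) != "DROP"]
    for n, r in enumerate(rules, 1):
        if r["chain"] == "INPUT" and r.get("j") == "ACCEPT":
            if r.get("s", "").startswith("127.") and "i" not in r:
                findings.append(f"rule {n}: loopback ACCEPT keyed on source address; "
                                "match the interface (-i lo) instead")
            elif not any(k in r for k in ("i", "dport", "state")) and r.get("p") != "icmp":
                findings.append(f"rule {n}: unscoped ACCEPT (no interface, port or state)")
    return findings
```

Run it against `iptables-save` output after loading the script: an empty findings list and an open-ports set containing only ("tcp", "8550") confirms the host exposes nothing but the database listener.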
