The UNIX and Linux Forums  

Post #5, 08-22-2008
nua7
Hi All,
I am sorry for not giving all the information. But here is my actual need. I would be having an Oracle database on a Red Hat Linux server which would listen on port 1521 (default port for Oracle).

I need to restrict users to this port. I thought of two solutions for this using iptables.

Solution 1: Set the firewall with iptables rules to allow IP addresses of a particular subnet to access the Oracle port. Using this rule only machines on the DB server's subnet are able to communicate with it on port 1521.


Code:
# drop traffic to the Oracle listener from any source outside the allowed subnet
# (the "!" negates the -s match; the rule needs a -j target to do anything)
iptables -A INPUT -i eth0 -p tcp --dport 1521 ! -s <subnet mask value> -j DROP

Solution 2:
Have a list of all valid IPs in a file and set a rule in iptables to allow access to those IP addresses only.

Code:
# allow port 1521 only from the addresses listed (one per line) in ipaddressfile;
# the file holds IP addresses, so match on -s rather than on a MAC, and use the
# INPUT chain because the listener is local (FORWARD only sees routed traffic)
while read -r ip; do
    iptables -A INPUT -i eth0 -p tcp --dport 1521 -s "$ip" -j ACCEPT
done < ipaddressfile
# anything else trying to reach the listener is dropped
iptables -A INPUT -i eth0 -p tcp --dport 1521 -j DROP

Please let me know if I am on the right track or if something else needs to be done. Also kindly let me know which solution would work better from the security point of view.

Thanks!
nua7
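The file-driven allow-list from Solution 2, worked through as an added example that is not part of the thread. The script reads one IPv4 address or CIDR block per line, rejects the whole file if any entry is malformed (so a typo cannot widen the list or silently lock out a client), and builds the rules in a dedicated chain so that re-running it after the file changes replaces the old entries instead of appending duplicates. It prints the iptables commands for review rather than executing them, so it runs without root; pipe the output to sh as root to apply it. The port, interface, chain name ORACLE_ACL and the sample entries are all assumptions, and the -C existence check assumes an iptables new enough to have it.

```shell
#!/bin/sh
# Added example (not from the thread): generate an iptables allow-list for one
# TCP port from a file of IPv4 addresses/CIDR blocks, one per line, with "#"
# comments and blank lines ignored. PORT, IFACE and CHAIN are assumed values.
PORT=1521
IFACE=eth0
CHAIN=ORACLE_ACL

# is_ipv4_cidr ENTRY: true for a.b.c.d or a.b.c.d/len (octets 0-255, len 0-32).
# A malformed entry must never reach iptables, where it would either be
# rejected mid-reload or match something other than what was intended.
is_ipv4_cidr() {
    addr=${1%/*}
    if [ "$addr" != "$1" ]; then            # a "/len" suffix is present
        len=${1#*/}
        case $len in ''|*[!0-9]*) return 1 ;; esac
        [ "$len" -le 32 ] || return 1
    fi
    oldifs=$IFS; IFS=.
    set -- $addr                             # split on dots
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# build_rules FILE: print the commands that (re)build the ACL chain.
# On any bad line nothing is printed and the function returns 1, so a broken
# file leaves the running ruleset untouched rather than half-applied.
build_rules() {
    accepts=""
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                                  # drop comments
        line=$(printf '%s' "$line" | tr -d '[:space:]')   # and whitespace
        [ -n "$line" ] || continue
        if ! is_ipv4_cidr "$line"; then
            printf 'build_rules: rejecting malformed entry "%s"\n' "$line" >&2
            return 1
        fi
        accepts="${accepts}iptables -A $CHAIN -s $line -j ACCEPT
"
    done < "$1"
    # a dedicated chain makes reloads idempotent: create it or flush it, refill
    # it, then hook it into INPUT only if the jump is not already there
    printf 'iptables -N %s 2>/dev/null || iptables -F %s\n' "$CHAIN" "$CHAIN"
    printf '%s' "$accepts"
    # rate-limited log line before the drop gives a trail of rejected clients
    printf 'iptables -A %s -m limit --limit 5/min -j LOG --log-prefix "%s-drop: "\n' "$CHAIN" "$CHAIN"
    printf 'iptables -A %s -j DROP\n' "$CHAIN"
    printf 'iptables -C INPUT -i %s -p tcp --dport %s -j %s 2>/dev/null || ' "$IFACE" "$PORT" "$CHAIN"
    printf 'iptables -I INPUT -i %s -p tcp --dport %s -j %s\n' "$IFACE" "$PORT" "$CHAIN"
}

# Demo on a constructed allow-list (sample values, not from the thread).
demo=$(mktemp)
printf '10.1.2.0/24    # database subnet\n192.168.5.7    # application server\n\n' > "$demo"
build_rules "$demo"
rm -f "$demo"
```

Because only traffic to the listener port is sent through the chain, the default policy of INPUT is left alone and other services on the box (SSH, for instance) are unaffected; the final DROP inside the chain is what enforces the allow-list.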