IpTable


1 - About

iptables is the Linux command-line tool for configuring the kernel's firewall (packet filtering) and NAT rules.

The actual iptables rules are created and customized on the command line with the commands:

  • iptables for IPv4
  • and ip6tables for IPv6.

The iptables and ip6tables commands set up, maintain, and inspect the tables of IPv4 and IPv6 packet filter rules in the Linux kernel.

The iptables and firewalld services conflict: run only one of them on a host.

3 - Management

3.1 - Start / Stop

You can start, stop, and restart iptables after booting with the service command. For example, to stop it and check its status:

service iptables stop
Flushing firewall rules:                                   [  OK  ]
Setting chains to policy ACCEPT: filter                    [  OK  ]
Unloading iptables modules:                                [  OK  ]
service iptables stop
service iptables status
Firewall is stopped.

3.2 - How to configure iptables to allow all connections to the Oracle Database

iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 0/0 --dport 1521 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s 0/0 --sport 1521 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
service iptables save
service iptables restart

Verify that the listener of your database is up and running; otherwise the client may report a network adapter error.

3.3 - List

iptables --list
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp dpts:6006:6009
ACCEPT     tcp  --  anywhere             anywhere             tcp dpts:6014:wrspice
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:pcsync-https
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:8185
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:6013
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:6005
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:pcsync-https
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:7180

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
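
Because -A appends to the end of a chain, a rule added as in 3.2 lands after any catch-all REJECT already present; in the INPUT chain listed above, the ACCEPT for dpt:7180 sits after the REJECT rule in exactly that way. The following added example (not from the original page) flags such unreachable rules in `iptables -S` output. The sample ruleset is constructed from the listing above, the helper names are hypothetical, and it assumes the REJECT rule is unconditional and the bare "ACCEPT all" rule is loopback-only (`-i lo`), which `iptables --list` without `-v` does not show.

```shell
#!/bin/sh
# Added example: flag rules that can never match because an earlier rule in the
# same chain is an unconditional ACCEPT, DROP or REJECT.
# Input is `iptables -S` output, which (unlike `iptables --list` without -v)
# shows interface matches such as `-i lo`.

# find_shadowed (hypothetical helper name): reads `iptables -S` output on stdin
# and prints one line per rule that follows a catch-all rule in its chain.
find_shadowed() {
    awk '
    $1 == "-A" {
        chain = $2
        if (chain in catchall) {
            printf "%s: unreachable after [%s]: %s\n", chain, catchall[chain], $0
            next
        }
        # Unconditional rule: nothing between the chain name and "-j TARGET".
        if ($3 == "-j" && ($4 == "ACCEPT" || $4 == "DROP" || $4 == "REJECT"))
            catchall[chain] = $0
    }'
}

# sample_rules: CONSTRUCTED ruleset modelled on the listing in 3.3, with the
# Oracle rule from 3.2 appended. The "-i lo" match is an assumption.
sample_rules() {
    cat <<'EOF'
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 7180 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 1024:65535 --dport 1521 -m state --state NEW,ESTABLISHED -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
EOF
}

# Run the check on the constructed sample.
sample_rules | find_shadowed
```

On a live host, run `iptables -S | find_shadowed` as root. To place a new rule ahead of the REJECT, insert it with `iptables -I INPUT <position> ...` rather than appending with -A.
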
os/linux/iptable.txt · Last modified: 2019/09/26 12:18 by gerardnico