  • Opening port 1521 in the Linux firewall

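    Problem description: connecting to the database with plsql produced a TNS error, and logging in to the server showed that the firewall was enabled. Turning the firewall off outright makes every port reachable, but in practice you may run into databases where the firewall has to stay on. In that case you need to open a single port to one server or to one subnet.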

    1. Open port 1521 to all servers

    vi /etc/sysconfig/iptables

    -A INPUT -m state --state NEW -m tcp -p tcp --dport 1521 -j ACCEPT

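    This line must be placed after the line -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT, otherwise it does not take effect. Rules are evaluated in order, so it has to sit before the final REJECT rule.

    Restart the firewall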

    [root@orcl ~]# service iptables restart
    iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
    iptables: Flushing firewall rules:                         [  OK  ]
    iptables: Unloading modules:                               [  OK  ]
    iptables: Applying firewall rules:                         [  OK  ]
    [root@orcl ~]# service iptables status
    Table: filter
    Chain INPUT (policy ACCEPT)
    num  target     prot opt source               destination         
    1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           
    3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
    4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22 
    5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:1521 
    6    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 
    
    Chain FORWARD (policy ACCEPT)
    num  target     prot opt source               destination         
    1    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 
    
    Chain OUTPUT (policy ACCEPT)
    num  target     prot opt source               destination 

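    2. Open port 1521 to a specified subnet. The rule was added with a specific IP, but it is recognized as every IP in the subnet, so other IPs in the same subnet can also connect. If the /24 is removed so that only the IP is specified, access fails. How do you open a single port to one particular server?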

    -A INPUT -s 192.168.163.6/24 -p tcp -m tcp --dport 1521 -j ACCEPT
    [root@orcl ~]# vi /etc/sysconfig/iptables
    [root@orcl ~]# service iptables restart
    iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
    iptables: Flushing firewall rules:                         [  OK  ]
    iptables: Unloading modules:                               [  OK  ]
    iptables: Applying firewall rules:                         [  OK  ]
    [root@orcl ~]# service iptables status
    Table: filter
    Chain INPUT (policy ACCEPT)
    num  target     prot opt source               destination         
    1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           
    3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
    4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22 
    5    ACCEPT     tcp  --  192.168.163.0/24     0.0.0.0/0           tcp dpt:1521 
    6    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 
    
    Chain FORWARD (policy ACCEPT)
    num  target     prot opt source               destination         
    1    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 
    
    Chain OUTPUT (policy ACCEPT)
    num  target     prot opt source               destination 
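
Added example (not from the original post): a first-match simulator for the INPUT chain, showing why -s 192.168.163.6/24 is listed as 192.168.163.0/24 and admits the whole subnet, while a /32 source admits one host. Only the port 22 and port 1521 rules come from the page; the other rule-file lines, the eth0 interface name and the client addresses are assumptions constructed to match the status listing.

```python
import ipaddress
import shlex

# Constructed rule file modelled on the page's status listing; only the
# port-22 and port-1521 lines are from the page, the rest are assumed defaults.
RULES_SUBNET = """\
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -s 192.168.163.6/24 -p tcp -m tcp --dport 1521 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
"""
# Same file with the source narrowed to a single host (/32).
RULES_HOST = RULES_SUBNET.replace("192.168.163.6/24", "192.168.163.6/32")


def parse_rule(line):
    """Turn one '-A INPUT ...' line into a dict of the options modelled here."""
    tok = shlex.split(line)
    opts = {tok[i]: tok[i + 1] for i in range(2, len(tok) - 1) if tok[i].startswith("-")}
    return {
        # strict=False drops host bits, the way iptables applies the mask
        "src": ipaddress.ip_network(opts.get("-s", "0.0.0.0/0"), strict=False),
        "proto": opts.get("-p"),
        "dport": int(opts["--dport"]) if "--dport" in opts else None,
        "iface": opts.get("-i"),
        "states": set(opts["--state"].split(",")) if "--state" in opts else None,
        "target": opts["-j"],
    }


def decide(rules_text, src_ip, dport, iface="eth0", proto="tcp", state="NEW"):
    """Return (rule_number, target) of the first rule that matches the packet."""
    src = ipaddress.ip_address(src_ip)
    for num, line in enumerate(rules_text.splitlines(), start=1):
        r = parse_rule(line)
        if (src in r["src"]
                and r["proto"] in (None, proto)
                and r["dport"] in (None, dport)
                and r["iface"] in (None, iface)
                and (r["states"] is None or state in r["states"])):
            return num, r["target"]
    return None, "POLICY"  # no rule matched: the chain policy applies


if __name__ == "__main__":
    for name, rules in (("/24", RULES_SUBNET), ("/32", RULES_HOST)):
        for ip in ("192.168.163.6", "192.168.163.77", "10.0.0.5"):
            print(name, ip, decide(rules, ip, 1521))
```

A /32 rule matches only when the source address the server sees is exactly that IP, so a client that arrives through NAT or from another interface address falls through to the REJECT rule.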
  • Original article: https://www.cnblogs.com/houzhiheng/p/13722941.html