Protecting an Oracle Database host with an iptables firewall

The following script can be used to protect a Linux host that runs an Oracle database.

Test environment: server RHEL AS3U3 + Oracle 10g; client Windows 2000 SP4 + Oracle 9i
# # # # # # # # # # # # # # # # Oraclefirewall.sh # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
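#!/usr/bin/env bash
# Oraclefirewall.sh — host firewall for a Linux box running an Oracle database.
#
# Flushes the filter table, sets the INPUT policy to DROP and then explicitly
# accepts: traffic to/from the host's own address and loopback (the listener
# does not start without it), SSH (22), the Oracle listener (1521),
# iSQL*Plus (5560) and Enterprise Manager (5500).
#
# Must run as root. Override the host address with LC_ADDR=<addr> in the
# environment; change LISTENER_PORT if the listener is not on 1521.
#
# Note: no connection tracking is used, so with INPUT defaulting to DROP any
# reply to a connection this host initiates (DNS, yum, remote DB links, ...)
# is dropped unless its destination port appears below. Add an
# "-m state --state ESTABLISHED,RELATED" accept rule if that is needed.
set -euo pipefail

readonly LC_ADDR=${LC_ADDR:-192.168.1.99}   # this host's address
readonly LO_ADDR=127.0.0.1                   # loopback

readonly SSH_PORT=22
readonly LISTENER_PORT=1521   # Oracle TNS listener
readonly ISQLPLUS_PORT=5560   # iSQL*Plus
readonly EM_PORT=5500         # Enterprise Manager console

#######################################
# Accept inbound TCP to a local port, and the matching outbound replies
# (the OUTPUT rule only matters if the OUTPUT policy is set to DROP).
# Arguments: $1 - TCP port number
#######################################
allow_tcp() {
  local port=$1
  iptables -A INPUT  -p tcp --dport "$port" -j ACCEPT
  iptables -A OUTPUT -p tcp --sport "$port" -j ACCEPT
}

#######################################
# Accept all traffic where both source and destination are the given address.
# Arguments: $1 - IP address
#######################################
allow_self() {
  local addr=$1
  iptables -A INPUT  -p all -s "$addr" -d "$addr" -j ACCEPT
  iptables -A OUTPUT -p all -s "$addr" -d "$addr" -j ACCEPT
}

# Clear the existing rules in the filter table. Anything another tool
# installed there (fail2ban, libvirt, ...) is lost.
iptables -F

# Default policy: drop every inbound packet that no rule below accepts.
# OUTPUT is deliberately left at its default (ACCEPT); uncomment the second
# line to also block unsolicited outbound traffic, in which case the OUTPUT
# rules added by allow_tcp/allow_self become required.
iptables -P INPUT DROP
# iptables -P OUTPUT DROP

# The host must be able to talk to itself, or the listener does not start.
allow_self "$LC_ADDR"
allow_self "$LO_ADDR"

# Inbound administration and Oracle services.
allow_tcp "$SSH_PORT"        # ssh
allow_tcp "$LISTENER_PORT"   # other hosts reach the database via the listener
allow_tcp "$ISQLPLUS_PORT"   # other hosts reach iSQL*Plus
allow_tcp "$EM_PORT"         # other hosts reach Enterprise Manager (port 5500)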
# # # # # # # # # # # # # # # # End of here # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
