Problem Description:
A security port scan produced the following remediation recommendations:
192.168.229.40, port 4100: the Sybase database port must not be left open; apply precise access control and open it only to trusted addresses.
132.228.166.14, port 1433: the SQL2000 database port must not be left open; apply precise access control and open it only to trusted addresses.
Workaround:
I added the following firewall rules on the corresponding host:
    iptables -I INPUT -p tcp --dport 4100 -j DROP
    iptables -I INPUT -s 192.168.229.40 -p tcp --dport 4100 -j ACCEPT
Only 192.168.229.40 is allowed to access port 4100 on this machine. Because -I inserts at the top of the chain, the ACCEPT rule added second ends up ahead of the DROP rule.
    iptables -I INPUT -p tcp --dport 1433 -j DROP
    iptables -I INPUT -s 132.228.166.14 -p tcp --dport 1433 -j ACCEPT
Only 132.228.166.14 is allowed to access port 1433 on this machine.
[[Email protected] sybase]# service iptables restart
Clears firewall rules: [OK]
Set chains to ACCEPT policy: filter nat [OK]
Uninstalling iptables module: [OK]
Apply iptables firewall rules: [OK]
Load additional iptables module: ip_conntrack_netbios_ns [OK]
After restarting the firewall service, it was found that the firewall rules that had just been set were no longer in effect. Finally, by looking at the official iptables documentation, it was found that for firewall rules to be permanent, the appropriate rules must be added to /etc/sysconfig/iptables.
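Whether the restrictions actually made it into the persistent rules file, and in an order that works, can be checked mechanically. The script below is an added example, not part of the original post: the function name check_persisted and both sample files are constructed, and it assumes the file is in iptables-save format with a single trusted address per port.

```shell
#!/bin/bash
# Added example: audit an iptables-save format file such as /etc/sysconfig/iptables.
# check_persisted FILE PORT TRUSTED_IP; prints ok | missing | misordered | exposed
check_persisted() {
  awk -v port="$2" -v ip="$3" '
    /^\*/ { table = substr($0, 2); next }          # "*filter", "*nat", ...
    table == "filter" && $1 == "-A" && $2 == "INPUT" &&
    index($0 " ", " --dport " port " ") {          # exact port, not a prefix
      n++; src = ""; tgt = ""
      for (i = 3; i < NF; i++) {
        if ($i == "-s") src = $(i + 1)
        if ($i == "-j") tgt = $(i + 1)
      }
      sub(/\/32$/, "", src)                        # iptables-save may append /32
      if (tgt == "ACCEPT" && src != ip && !drp) exposed = 1
      if (tgt == "ACCEPT" && src == ip && !acc) acc = n
      if (tgt == "DROP" && src == "" && !drp) drp = n
    }
    END {
      if (exposed)           print "exposed"       # other sources admitted first
      else if (!acc || !drp) print "missing"       # rules never written to the file
      else if (acc > drp)    print "misordered"    # DROP matches before ACCEPT
      else                   print "ok"
    }' "$1"
}

# Constructed sample files (not taken from the original host).
sample_dir=$(mktemp -d)
cat > "$sample_dir/before" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
cat > "$sample_dir/after" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -s 192.168.229.40/32 -p tcp -m tcp --dport 4100 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 4100 -j DROP
-A INPUT -p tcp -m tcp --dport 1433 -j DROP
-A INPUT -s 132.228.166.14/32 -p tcp -m tcp --dport 1433 -j ACCEPT
COMMIT
EOF
for f in before after; do
  echo "$f 4100: $(check_persisted "$sample_dir/$f" 4100 192.168.229.40)"
  echo "$f 1433: $(check_persisted "$sample_dir/$f" 1433 132.228.166.14)"
done
```

The "before" file models the situation in the post, where the rules existed only in the running kernel; the 1433 pair in "after" is deliberately written in the wrong order to show the first-match failure.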
Firewall rules that were set are lost after a restart