LDAP (Lightweight Directory Access Protocol) is a powerful, enterprise-class directory service. By default it listens on UDP port 389 for queries. The following iptables rules allow incoming client requests (they open UDP port 389) for the server IP address 202.54.1.20:
iptables -A INPUT -p udp -s 0/0 --sport 1024:65535 -d 202.54.1.20 --dport 389 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p udp -s 202.54.1.20 --sport 389 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
Restricting access to the LDAP database server to your own network is essential. The following iptables rules allow incoming LDAP client requests from the 202.54.1.0/24 network only:
iptables -A INPUT -p udp -s 202.54.1.0/24 --sport 1024:65535 -d 202.54.1.20 --dport 389 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p udp -s 202.54.1.20 --sport 389 -d 202.54.1.0/24 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
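The rules above cover UDP/389 only. As an added example that is not from the original post, the POSIX shell script below builds the same allow rules from variables, applies them idempotently (checking with "iptables -C" before appending), can print them as a dry run for review, and also covers TCP port 389, since LDAP clients normally connect over TCP and UDP/389 is connectionless LDAP. The server IP and client network default to the post's example values; SERVER_IP, CLIENT_NET, PROTOS, IPT and DRY_RUN are this script's own variables.

```sh
#!/bin/sh
# Added example, not code from the original post.
# Defaults: the post's example server and client network; override via the environment.
SERVER_IP="${SERVER_IP:-202.54.1.20}"
CLIENT_NET="${CLIENT_NET:-202.54.1.0/24}"
# LDAP listens on TCP 389 as well as UDP 389 (CLDAP); cover both, UDP first as in the post.
PROTOS="${PROTOS:-udp tcp}"
IPT="${IPT:-iptables}"

# Print a rule instead of applying it when DRY_RUN is set; otherwise append it
# only if "iptables -C" reports that an identical rule is not already loaded,
# so re-running the script never duplicates rules.
add_rule() {
    chain="$1"; shift
    if [ -n "${DRY_RUN:-}" ]; then
        printf '%s -A %s %s\n' "$IPT" "$chain" "$*"
        return 0
    fi
    "$IPT" -C "$chain" "$@" 2>/dev/null || "$IPT" -A "$chain" "$@"
}

# Allow new and established LDAP queries from CLIENT_NET to SERVER_IP on port 389,
# and only established replies from the server back to unprivileged client ports.
ldap_rules() {
    for proto in $PROTOS; do
        add_rule INPUT -p "$proto" -s "$CLIENT_NET" --sport 1024:65535 \
            -d "$SERVER_IP" --dport 389 -m state --state NEW,ESTABLISHED -j ACCEPT
        add_rule OUTPUT -p "$proto" -s "$SERVER_IP" --sport 389 \
            -d "$CLIENT_NET" --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
    done
}

# Post-apply check: list every loaded rule that refers to port 389.
show_ldap_rules() {
    "$IPT" -S | grep -E -- '--(d|s)port 389( |$)'
}
```

Source the file and call ldap_rules as root to apply the rules, or set DRY_RUN=1 first to only print them; show_ldap_rules then confirms what the kernel actually has loaded.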