Reason: we are going to expose services on different ports to different clients, and each client must not be able to access other clients' services. This has to be controlled at the OS level, so we need to add some firewall rules in iptables.
Please refer to this to get basic knowledge of iptables and of what the INPUT, OUTPUT and FORWARD rules are and how to use them.
As an example, we have two ESB servers, and the outside ESB accesses the service through the inside ESB. In that case we need a firewall rule stating that the outside ESB can only be invoked by the inside ESB. Please check the rule below.
As an example, the firewall rule below states that the server can only be accessed by xxx.xxx.xxx.111 via port 8282. Requests from other IPs will be denied by the server firewall.
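# Allow xxx.xxx.xxx.111 to reach port 8282 (inserted at the top of the INPUT chain)
iptables -I INPUT -p tcp -m tcp -s xxx.xxx.xxx.111 --dport 8282 -j ACCEPT
# Drop every other source on port 8282 (appended after the ACCEPT rule)
iptables -A INPUT -p tcp -m tcp -s 0.0.0.0/0 --dport 8282 -j DROP
# Persist the rules across restarts
/sbin/service iptables save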
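The same ACCEPT-then-DROP pattern extended to several clients and ports, as an added example that is not part of the original post. It only prints the commands (dry run) so they can be reviewed before being applied; the input format, the function names, and the sample addresses and ports are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (dry run): prints iptables commands, applies nothing.
# Input on stdin: "<client-ip> <port>" per line (constructed format).

valid_ip() {   # dotted-quad IPv4, each octet 0..255
    echo "$1" | awk -F. 'NF==4 { for (i=1;i<=4;i++) if ($i !~ /^[0-9]+$/ || $i>255) exit 1; exit 0 }
                         { exit 1 }'
}

valid_port() { # integer in 1..65535
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

gen_rules() {
    accepts="" ports=""
    while read -r ip port; do
        [ -z "$ip" ] && continue
        if ! valid_ip "$ip" || ! valid_port "$port"; then
            echo "invalid entry: $ip $port" >&2
            return 1          # emit nothing rather than a partial rule set
        fi
        # -I puts the ACCEPT at the top of INPUT, ahead of the DROP below;
        # iptables stops at the first matching rule.
        accepts="${accepts}iptables -I INPUT -p tcp -m tcp -s $ip --dport $port -j ACCEPT
"
        case " $ports " in *" $port "*) ;; *) ports="$ports $port" ;; esac
    done
    printf '%s' "$accepts"
    for p in $ports; do   # one catch-all DROP per exposed port
        echo "iptables -A INPUT -p tcp -m tcp -s 0.0.0.0/0 --dport $p -j DROP"
    done
    echo "/sbin/service iptables save"
}

# Constructed sample: documentation addresses (RFC 5737), hypothetical ports.
gen_rules <<'EOF'
192.0.2.111 8282
192.0.2.112 8283
192.0.2.113 8282
EOF
```

After applying the printed commands, `iptables -L INPUT -n --line-numbers` shows whether each ACCEPT sits above the DROP for its port.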