IPtables Installation And Configuration - QA Grammar

I did not see a response so I will pose the question separately.
There is an issue with the grammar of the question or the explanation of the failure.
“2. Block incoming port 6000 on all apps for everyone except for LBR host.”
This says only accept requests from the LBR host.
Which is what I did.
Attempts to access the app server from any other host through port 6000 failed; only requests from LBR were successful.

Can you help me and others understand the question/response better?



@Joe Yes, you understood it correctly, but your answer failed due to multiple issues. Check the errors that were reported once the task failed.

Inderpreet, thank you for your response. If I may ask a follow-up question:
My solution was to create a --zone with the rules for this host. Was this an acceptable solution, or do I need to implement it using existing --zones such as public/internal?


You need to allow the IP and the port before you can reject the port.

IPtables works on a first-match basis.

If you block the port first and then allow the IP with the port, it won't work, because you already mentioned in the rule above to block the port. As mentioned, IPtables checks the rules one after the other:
-A INPUT -p tcp --dport <port> -s <ip> -j ACCEPT
Then you reject the port.
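
The ordering point from the reply above, as an added example that is not part of the thread: a small first-match evaluator run over the same two rules in both orders. The LBR address 192.0.2.10, the test client 198.51.100.7 and the ACCEPT chain policy are assumptions; only port 6000 comes from the task, and only terminating targets (ACCEPT/REJECT) are modelled.

```python
import ipaddress
import shlex

LBR_IP = "192.0.2.10"  # constructed placeholder (TEST-NET-1), not from the thread

# Rules in `iptables -S` form. Port 6000 is from the task; the address is assumed.
ALLOW_THEN_REJECT = f"""
-A INPUT -p tcp -s {LBR_IP} --dport 6000 -j ACCEPT
-A INPUT -p tcp --dport 6000 -j REJECT
"""
REJECT_THEN_ALLOW = f"""
-A INPUT -p tcp --dport 6000 -j REJECT
-A INPUT -p tcp -s {LBR_IP} --dport 6000 -j ACCEPT
"""

def parse(rules_text):
    """Turn each '-A INPUT ...' line into a dict of the options this example uses."""
    rules = []
    for line in rules_text.strip().splitlines():
        tok = shlex.split(line)
        opts = dict(zip(tok[0::2], tok[1::2]))  # every option here takes one value
        if opts.get("-A") == "INPUT":
            rules.append(opts)
    return rules

def matches(rule, src, proto, dport):
    """A rule matches only if every condition it states holds; absent ones are wildcards."""
    if "-p" in rule and rule["-p"] != proto:
        return False
    if "--dport" in rule and int(rule["--dport"]) != dport:
        return False
    if "-s" in rule:
        net = ipaddress.ip_network(rule["-s"], strict=False)
        if ipaddress.ip_address(src) not in net:
            return False
    return True

def verdict(rules_text, src, proto="tcp", dport=6000, policy="ACCEPT"):
    """Return the target of the first matching rule, else the chain policy."""
    for rule in parse(rules_text):
        if matches(rule, src, proto, dport):
            return rule["-j"]
    return policy

if __name__ == "__main__":
    for name, rs in (("allow-then-reject", ALLOW_THEN_REJECT),
                     ("reject-then-allow", REJECT_THEN_ALLOW)):
        print(name, "LBR:", verdict(rs, LBR_IP), "other:", verdict(rs, "198.51.100.7"))
```

With the REJECT rule first, the LBR host is rejected as well, because its ACCEPT rule is never reached.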