Firewall on Linux
A firewall monitors and controls incoming and outgoing network traffic based on preconfigured security rules. It is not necessarily a dedicated appliance; it can also be a service running inside the operating system, which is the case on Linux, where the host firewall is a front end to the kernel's netfilter packet filter.
To open port 1521 for the Oracle listener on a Linux server, you first need to know which firewall front end the server uses. Usually it is one of two:
- Firewalld, the default on enterprise Linux (RHEL, CentOS, Oracle Linux) release 7 or later.
- IPTables (the iptables service), the default on release 6 or earlier.
Both end up programming the same kernel packet filter; they differ in how rules are managed and persisted, and their commands are not interchangeable.
If your database runs on Windows, see the companion post: How to Open Port 1521 on Windows Server.
Firewalld
You may choose to either add port 1521 to Firewalld, or disable Firewalld entirely and rely on an external firewall.
Add Port 1521 to Firewalld
Here we open port 1521, the default listener port, to all sources. If only a known client network needs the listener, scope the rule to that network with a firewalld rich rule instead; a plain port rule exposes the listener to every host that can reach the server.
Check Current Setting of Firewalld
[root@test ~]# firewall-cmd --state
running
[root@test ~]# firewall-cmd --list-all
public (default, active)
interfaces: eno16777736
sources:
services: dhcpv6-client ssh
ports:
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
Add Port 1521 to Firewalld Permanently
[root@test ~]# firewall-cmd --permanent --add-port=1521/tcp
success
Reload Firewalld
[root@test ~]# firewall-cmd --reload
success
Verify Result
[root@test ~]# firewall-cmd --list-all
public (default, active)
interfaces: eno16777736
sources:
services: dhcpv6-client ssh
ports: 1521/tcp 1158/tcp
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
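As an added example (not part of the original post), the following shell script scopes the listener port to one client network with a firewalld rich rule instead of opening it to every source, and audits `firewall-cmd --list-all` output for a 1521/tcp that is open to the world. The zone name public and the client subnet 10.10.20.0/24 are assumptions; the two `--list-all` samples are constructed (the first copies the Verify Result output above, the second shows the same zone after the world-open port has been replaced by the rich rule). With DRY_RUN=1 the script only prints the firewall-cmd commands, so it runs on a machine without firewalld.

```shell
#!/bin/sh
# Added example, not from the original post. Scopes port 1521 to one client
# network with a firewalld rich rule and audits `firewall-cmd --list-all`
# output for a listener port that is open to every source.
# Assumptions (placeholders): zone "public", client subnet 10.10.20.0/24.

# Build the rich rule text so it can be reviewed before it is applied.
listener_rich_rule() {
    # $1 = client subnet (CIDR), $2 = port (defaults to 1521)
    printf 'rule family="ipv4" source address="%s" port port="%s" protocol="tcp" accept' \
        "$1" "${2:-1521}"
}

# Add the rule permanently and reload. With DRY_RUN=1 the commands are only
# printed (for review on a host without firewalld).
allow_listener_from() {
    rule=$(listener_rich_rule "$1" "$2")
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf "firewall-cmd --permanent --zone=public --add-rich-rule='%s'\n" "$rule"
        printf 'firewall-cmd --reload\n'
    else
        firewall-cmd --permanent --zone=public --add-rich-rule="$rule" || return 1
        firewall-cmd --reload
    fi
}

# Read `firewall-cmd --list-all` output on stdin. Exit 0 if the given
# port/proto (e.g. 1521/tcp) is on the "ports:" line, i.e. open to all sources.
port_open_to_world() {
    awk -v p="$1" '
        /^[[:space:]]*ports:/ { for (i = 2; i <= NF; i++) if ($i == p) found = 1 }
        END { if (found) exit 0; exit 1 }'
}

# Read the same output on stdin. Exit 0 if a rich rule accepts the port
# only from a specific source address.
port_scoped_by_rich_rule() {
    grep -q "source address=\"[^\"]*\" port port=\"$1\" protocol=\"tcp\" accept"
}

# Print a one-line verdict for a port number read together with the
# --list-all text on stdin. Returns 1 when the port is open to the world,
# 0 when it is scoped to a source or not opened at all.
audit_listener() {
    text=$(cat)
    if printf '%s\n' "$text" | port_open_to_world "$1/tcp"; then
        echo "$1/tcp: OPEN TO ALL SOURCES (ports: line)"
        return 1
    elif printf '%s\n' "$text" | port_scoped_by_rich_rule "$1"; then
        echo "$1/tcp: scoped to a source by rich rule"
    else
        echo "$1/tcp: not opened"
    fi
    return 0
}

# Constructed sample outputs: the "Verify Result" output from the post, and
# the same zone after the world-open port is replaced by the rich rule.
SAMPLE_WORLD_OPEN='public (default, active)
  interfaces: eno16777736
  sources:
  services: dhcpv6-client ssh
  ports: 1521/tcp 1158/tcp
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:'

SAMPLE_SCOPED='public (default, active)
  interfaces: eno16777736
  sources:
  services: dhcpv6-client ssh
  ports: 1158/tcp
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:
	rule family="ipv4" source address="10.10.20.0/24" port port="1521" protocol="tcp" accept'

# Demo: show the commands that would be run, then audit both samples.
DRY_RUN=1 allow_listener_from 10.10.20.0/24 1521
printf '%s\n' "$SAMPLE_WORLD_OPEN" | audit_listener 1521 || true
printf '%s\n' "$SAMPLE_SCOPED" | audit_listener 1521 || true
```

On a real host, run the audit against the live zone with `firewall-cmd --list-all | audit_listener 1521`. If you switch from the plain port rule to the rich rule, remove the old one as well (`firewall-cmd --permanent --remove-port=1521/tcp`, then reload); otherwise the "ports:" entry still admits every source and the rich rule adds nothing.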
Completely Disable Firewalld
In practice, some sites rely on an external network firewall to block disallowed connections and turn the host firewall off. Do this only when that external control is actually in place and covers every network the server is attached to: with Firewalld stopped, every listening service on the host, not just the listener, becomes reachable. To completely turn off Firewalld, take the following steps.
Stop Firewalld
[root@test ~]# systemctl stop firewalld
Disable Firewalld
[root@test ~]# systemctl disable firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
To complement this strategy, the listener itself can also be restricted. Oracle Net valid node checking (TCP.VALIDNODE_CHECKING, TCP.INVITED_NODES and TCP.EXCLUDED_NODES in sqlnet.ora) lets you allow-list or block-list client addresses for database connections, independently of the host firewall.
IPTables
You may choose to either add port 1521 to IPTables, or disable IPTables entirely and rely on an external firewall.
Add Port 1521 to IPTables
As root, insert an ACCEPT rule for port 1521 at the top of the INPUT chain so that remote users can reach the listener. Note the -I (insert) rather than -A (append): the default ruleset ends with a catch-all REJECT rule, so an appended ACCEPT would sit behind it and never match. As written, the rule accepts connections from any source; add -s with the client network to restrict it.
[root@test ~]# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 1521 -j ACCEPT
[root@test ~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
...
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:1521
...
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Don't forget to save the change: rules added with the iptables command live only in the kernel and are lost at reboot unless written to /etc/sysconfig/iptables.
[root@test ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
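As an added example (not part of the original post), this shell script audits the output of `iptables -S INPUT`, the rule-listing form of the `iptables -L -n` output above: it prints which sources may open connections to port 1521, flags a rule that accepts from 0.0.0.0/0 as the one above does, checks that the chain really ends in a default deny (on the default ruleset the final `-j REJECT` rule; without one, ACCEPT rules change nothing and every port is already exposed, which is also what disabling IPTables later in this post amounts to), and prints the source-restricted form of the rule. The three rule listings are constructed from the default RHEL 6 ruleset, and the client subnet 10.10.20.0/24 is an assumption.

```shell
#!/bin/sh
# Added example, not from the original post. Audits `iptables -S INPUT`
# output: which sources may open TCP connections to the listener port,
# whether one of them is the whole world, and whether INPUT has a default
# deny at all. The client subnet 10.10.20.0/24 is an assumption.

# Print the source of every ACCEPT rule for the given --dport in INPUT.
# A rule without -s matches everything, which is printed as 0.0.0.0/0;
# a negated source ("! -s x") is printed as "!x".
dport_accept_sources() {
    awk -v p="$1" '
        $1 == "-A" && $2 == "INPUT" {
            src = "0.0.0.0/0"; dport = ""; target = ""; neg = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-s")      { src = $(i + 1); if ($(i - 1) == "!") neg = 1 }
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "-j")      target = $(i + 1)
            }
            if (dport == p && target == "ACCEPT")
                print (neg ? "!" src : src)
        }'
}

# Exit 0 if some ACCEPT rule lets any source reach the port.
world_open() {
    dport_accept_sources "$1" | grep -qxF '0.0.0.0/0'
}

# Exit 0 if INPUT has a default deny: policy DROP/REJECT, or a final
# unconditional "-j REJECT"/"-j DROP" rule (the RHEL 6 default ruleset
# ends with "-A INPUT -j REJECT --reject-with icmp-host-prohibited").
input_default_deny() {
    awk '
        $1 == "-P" && $2 == "INPUT" { policy = $3 }
        $1 == "-A" && $2 == "INPUT" { last3 = $3; last4 = $4 }
        END {
            if (policy == "DROP" || policy == "REJECT") exit 0
            if (last3 == "-j" && (last4 == "DROP" || last4 == "REJECT")) exit 0
            exit 1
        }'
}

# The command to run instead of the world-open one: same shape as on the
# page, with the source restricted, inserted (-I) ahead of the final REJECT.
scoped_listener_rule() {
    printf 'iptables -I INPUT -s %s -p tcp -m state --state NEW -m tcp --dport %s -j ACCEPT\n' \
        "$1" "${2:-1521}"
}

# Print a short report for one rule listing ($2) labelled $1.
report() {
    printf '%s: sources for 1521 -> %s\n' "$1" \
        "$(printf '%s\n' "$2" | dport_accept_sources 1521 | tr '\n' ' ')"
    printf '%s\n' "$2" | world_open 1521 && echo "  WARNING: 1521 open to all sources"
    printf '%s\n' "$2" | input_default_deny || echo "  WARNING: no default deny in INPUT"
    return 0
}

# Constructed sample: the RHEL 6 default ruleset after the command above.
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 1521 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'

# Constructed sample: the same chain with the listener rule scoped to a subnet.
SAMPLE_RULES_SCOPED='-P INPUT ACCEPT
-A INPUT -s 10.10.20.0/24 -p tcp -m state --state NEW -m tcp --dport 1521 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'

# Constructed sample: iptables running, but no deny rule anywhere.
SAMPLE_RULES_OPEN_POLICY='-P INPUT ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 1521 -j ACCEPT'

# Demo over the samples. On a real host: iptables -S INPUT | world_open 1521
report SAMPLE_RULES "$SAMPLE_RULES"
report SAMPLE_RULES_SCOPED "$SAMPLE_RULES_SCOPED"
report SAMPLE_RULES_OPEN_POLICY "$SAMPLE_RULES_OPEN_POLICY"
scoped_listener_rule 10.10.20.0/24 1521
```

After replacing the world-open rule with the scoped one, delete the old rule (`iptables -D INPUT -p tcp -m state --state NEW -m tcp --dport 1521 -j ACCEPT`) and run `service iptables save` again; a rule that is only removed from the running kernel comes back at the next restart of the service.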
Completely Disable IPTables
If an external network firewall blocks disallowed connections, running IPTables on the host may be unnecessary. Before turning it off, confirm that the external control really covers every network the server is attached to: once IPTables is stopped, every listening service on the host is reachable, not just the listener. To completely turn off IPTables, take the following steps.
Check Current Setting of IPTables
[root@test ~]# chkconfig --list | grep iptables
iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
Stop IPTables
[root@test ~]# service iptables stop
Disable IPTables
[root@test ~]# chkconfig iptables off
Verify Result
[root@test ~]# chkconfig --list | grep iptables
iptables 0:off 1:off 2:off 3:off 4:off 5:off 6:off
To learn more about persisting firewall rules across reboots, follow the link.