iptables how to close mysql port 3306
2006-04-03 - By administrator tootai
Ted Potter wrote:
>
> Greetings,
>
> have a machine with kernel 2.4.21-27.0.2.EL
>
> can someone please provide the command line for using iptables to
> close off port 3306 so remote
> mysql user can not attach to the mysqlserver running on this box.
>
> To make it fun, no I can not install anything. No there is not gui.
> Everything I do must be from
> the command line on the box. Bout the only blessing is I can ssh in to
> the box as root.
>
> Thanks for any who care to play and share.
>
> PS
>
> I tried the following:
>
> iptables -A INPUT -p tcp -d 3306 -j REJECT
>
> then I see
>
> iptables --list
> REJECT tcp -- anywhere 0.0.12.234 <http://0.0.12.234> reject-wthi
> icmp-port-unreachable
>
> and I can still log on to the server remotely.
>
>
> Thanks again.
> (because it is Monday after 4-1 and the joker decided to wait!)

Hi Ted,
The best, if you don't want that user to connect to mysql, is ... to stop the service ;-)

The rule you give with -d is for an IP address, not a port. It's --dport you have to use. The best start for your iptables rules is dropping everything and then opening what you need.

Ex:

# Flush all Rules
$IPTABLES -F
$IPTABLES -X
$IPTABLES -t nat -F
$IPTABLES -t nat -X
$IPTABLES -t mangle -F
$IPTABLES -t mangle -X

# Deny all by default
$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT DROP
$IPTABLES -P FORWARD DROP

<Your rules for opening address/ports here>

--
Daniel
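
Added example, not part of the original thread: a shell sketch showing why "-d 3306" was listed as destination 0.0.12.234, and an INPUT rule set that rejects remote connections to port 3306 with --dport while keeping the root ssh session alive. The iptables path, the ssh port and the function names are assumptions; only the INPUT chain is handled, and the commands are printed for review rather than executed.

```shell
#!/bin/sh
# Added example (assumptions: iptables at /sbin/iptables, sshd on port 22).
IPTABLES=/sbin/iptables
SSH_PORT=22
MYSQL_PORT=3306

# iptables reads a bare integer after -d as a 32-bit IPv4 address.
# 3306 = 12*256 + 234, which is why "iptables --list" showed 0.0.12.234.
int_to_ip() {
    n=$1
    echo "$(( (n >> 24) & 255 )).$(( (n >> 16) & 255 )).$(( (n >> 8) & 255 )).$(( n & 255 ))"
}

# Print the rule set instead of applying it, so it can be reviewed first.
# Order matters when working over ssh:
#   1. policy ACCEPT before the flush, so the flush cannot cut the session
#   2. loopback accepted first, so local clients on 127.0.0.1 keep working
#   3. port 3306 rejected before the ESTABLISHED rule, so remote MySQL
#      sessions that are already open are cut as well
#   4. ssh accepted before the policy is switched to DROP
print_rules() {
    cat <<EOF
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -A INPUT -i lo -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport $MYSQL_PORT -j REJECT
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport $SSH_PORT -j ACCEPT
$IPTABLES -P INPUT DROP
EOF
}

echo "# -d 3306 is parsed as address $(int_to_ip 3306)"
print_rules
```

Flushing INPUT also removes the mistaken "-d 3306" rule. The explicit REJECT answers remote clients immediately instead of letting them time out against the DROP policy.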