iptables how to close mysql port 3306
2006-04-04 - By administrator tootai

Andrew Kelly wrote:
> On Tue, 2006-04-04 at 01:28 +0200, Maxim Vexler wrote:
>
>> On 4/4/06, Ted Potter <tpotter@(protected)> wrote:
>>
>>> On 4/3/06, Ted Potter <tpotter@(protected)> wrote:
>>>
>>>> On 4/3/06, A. Khattri <ajai@(protected)> wrote:
>>>>
>>>>> On Mon, 3 Apr 2006, Ted Potter wrote:
>>>>>
>>>>>
>>>>>> To make it fun, no I can not install anything. No there is no gui.
>>>>>> Everything I do must be from
>>>>>> the command line on the box. Bout the only blessing is I can ssh in to the
>>>>>> box as root.
>>>>>>
>>>>>> Thanks for any who care to play and share.
>>>>>>
>>>>>> PS
>>>>>>
>>>>>> I tried the following:
>>>>>>
>>>>>> iptables -A INPUT -p tcp -d 3306 -j REJECT
>>>>>>
>>>>>> then I see
>>>>>>
>>>>>> iptables --list
>>>>>> REJECT tcp -- anywhere 0.0.12.234 reject-wthi icmp-port-unreachable
>>>>>>
>>>>>> and I can still log on to the server remotely.
>>>>>>
>>>>> Much easier to edit /etc/my.cnf and tell MySQL to not use networking
>>>>> (skip-networking) or tell it to listen on 127.0.0.1 (bind-address).
>>>>>
>>>> Thanks for the tip, however I can find no such file on the server. Darn it
>>>> that would have been a sweet fix.
>>>>
>>>> Thank you !
>>>>
>>>> Ted
>>>>
>>> ok so I tried this
>>> # iptables -A INPUT -p tcp -dports 3306 -j DROP
>>> Bad argument 3306
>>> #
>>> huh ? the manual states -dports is a valid alias for --destination-ports
>>>
>>> OK so
>>> [root@(protected) bin]# iptables -A INPUT -p tcp -dports 3306 -j DROP
>>> Bad argument `3306'
>>> Try `iptables -h' or 'iptables --help' for more information.
>>> [root@(protected) bin]# iptables -A INPUT -p tcp --dports 3306 -j DROP
>>> iptables v1.2.8: Unknown arg `--dports'
>>> Try `iptables -h' or 'iptables --help' for more information.
>>> [root@(protected) bin]#
>>> [root@(protected) bin]# iptables -A INPUT -p tcp --destination-ports 3306 -j DROP
>>> iptables v1.2.8: Unknown arg `--destination-ports'
>>> Try `iptables -h' or 'iptables --help' for more information.
>>> [root@(protected) bin]# iptables -A INPUT -p tcp -destination-ports 3306 -j DROP
>>> Bad argument `3306'
>>> Try `iptables -h' or 'iptables --help' for more information.
>>>
>>> Any other ideas ? - for now I am going to find a cli interface that might help
>>> get this done.
>>>
>>>
>> For tcp it's [-dport] && [--destination-port], that is, no ('s) at the end.
>> Other than that the filter looks OK.
>>
>
> No, no, dports and destination-ports were correct. The problem is that
> a double hyphen is required and appears to have been forgotten.
>
> --dports and NOT -dports
>

Hmmh, Debian SARGE:

    # Accept http from our Network's
    $IPTABLES -A INPUT -i ! $EXTERNAL_DEVICE -p TCP --dport 80 -j ACCEPT

--
Daniel
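
The option mix-ups in the thread above, as an added example that is not part of any poster's message: a small shell lint that flags `-d 3306`, single-hyphen long options, and `--dports` used without `-m multiport` (the match that option belongs to; `--dport` is the single-port option of `-p tcp`). The function names `lint_rule` and `int_to_ipv4` are made up for this example, and nothing is passed to iptables.

```shell
#!/bin/sh
# Added example: lint iptables arguments for the mistakes seen in this thread.

# A bare integer given to -d is read as a 32-bit IPv4 address, which is
# why "-d 3306" showed up in the listing as destination 0.0.12.234.
int_to_ipv4() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# lint_rule ARGS... prints one finding per line, or "ok" when none apply.
lint_rule() {
    n=0 multiport=no prev=""
    for arg in "$@"; do
        case "$prev" in
            -m|--match)
                if [ "$arg" = multiport ]; then multiport=yes; fi ;;
            -d|--destination|--dst)
                case "$arg" in
                    ''|*[!0-9]*) ;;  # hostname or dotted address: fine
                    *) printf '%s\n' "-d $arg matches address $(int_to_ipv4 "$arg"), not a port; use --dport $arg"
                       n=$((n + 1)) ;;
                esac ;;
        esac
        long=$arg
        case "$arg" in
            -dport|-dports|-destination-port|-destination-ports)
                # getopt splits a single-hyphen word into -d plus a value.
                printf '%s\n' "$arg is parsed as -d '${arg#-d}'; long options need two hyphens"
                n=$((n + 1)); long=-$arg ;;
        esac
        case "$long" in
            --dports|--destination-ports)
                if [ "$multiport" = no ]; then
                    printf '%s\n' "$long is a multiport option; add -m multiport or use --dport"
                    n=$((n + 1))
                fi ;;
        esac
        prev=$arg
    done
    [ "$n" -gt 0 ] || echo ok
}

# Constructed inputs: three rules tried in the thread, then two accepted forms.
lint_rule -A INPUT -p tcp -d 3306 -j REJECT
lint_rule -A INPUT -p tcp -dports 3306 -j DROP
lint_rule -A INPUT -p tcp --dports 3306 -j DROP
lint_rule -A INPUT -p tcp --dport 3306 -j DROP
lint_rule -A INPUT -p tcp -m multiport --dports 3306 -j DROP
```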