 | | | iptables how to close mysql port 3306 | iptables how to close mysql port 3306 2006-04-04 - By Ted Potter
Back
On 4/4/06, Andrew Kelly <akelly@(protected)> wrote:
> On Tue, 2006-04-04 at 01:28 +0200, Maxim Vexler wrote:
> > On 4/4/06, Ted Potter <tpotter@(protected)> wrote:
> > > On 4/3/06, Ted Potter <tpotter@(protected)> wrote:
> > > > On 4/3/06, A. Khattri <ajai@(protected)> wrote:
> > > > > On Mon, 3 Apr 2006, Ted Potter wrote:
> > > > >
> > > > > > To make it fun, no I can not install anything. No there is not gui.
> > > > > > Everthing I do must be from
> > > > > > the command line on the box. Bout the only blessing is I can ssh in
to the
> > > > > > box as root.
> > > > > >
> > > > > > Thanks for any who care to play and share.
> > > > > >
> > > > > > PS
> > > > > >
> > > > > > I tried the following:
> > > > > >
> > > > > > iptables -A INPUT -p tcp -d 3306 -j REJECT
> > > > > >
> > > > > > then I see
> > > > > >
> > > > > > iptables --list
> > > > > > REJECT tcp -- anywhere 0.0.12.234 reject-wthi icmp-port-unreachable
> > > > > >
> > > > > > and I can still log on to the server remotely.
> > > > >
> > > > > Much easier to edit /etc/my.cnf and tell MySQL to not use networking
> > > > > (skip-networking) or tell it to listen on 127.0.0.1 (bind-address).
> > > >
> > > >
> > > > Thanks for the tip, however I can find no such file on the server. Darn
it
> > > > that would of been a sweet fix.
> > > >
> > > > Thank you !
> > > >
> > > > Ted
> > >
> > > ok so I tried this
> > > # iptables -A INPUT -p tcp -dports 3306 -j DROP
> > > Bad argument 3306
> > > #
> > > huh ? the manual states -dports is an valid alias for --destination-ports
> > >
> > > OK so
> > > [root@(protected) bin]# iptables -A INPUT -p tcp -dports 3306 -j DROP
> > > Bad argument `3306'
> > > Try `iptables -h' or 'iptables --help' for more information.
> > > [root@(protected) bin]# iptables -A INPUT -p tcp --dports 3306 -j DROP
> > > iptables v1.2.8: Unknown arg `--dports'
> > > Try `iptables -h' or 'iptables --help' for more information.
> > > [root@(protected) bin]#
> > > [root@(protected) bin]# iptables -A INPUT -p tcp --destination-ports 3306 -j
DROP
> > > iptables v1.2.8: Unknown arg `--destination-ports'
> > > Try `iptables -h' or 'iptables --help' for more information.
> > > [root@(protected) bin]# iptables -A INPUT -p tcp -destination-ports 3306 -j
DROP
> > > Bad argument `3306'
> > > Try `iptables -h' or 'iptables --help' for more information.
> > >
> > > Any other ideas ? - for now I am going to find a cli interface that might
help
> > > get this done.
> > >
> >
> > For tcp it [-dport] && [--destination-port], that is no ('s) at the end.
> > Other then that the filter looks OK.
>
> No, no, dports and destination-ports were correct. The problem is that
> a double hyphen is required and appears to have been forgotten.
>
> --dports and NOT -dports
>
> Andy
>
> >
> > HTH
and the winner is !
iptables -A INPUT -p tcp --destination-port 3306 -j DROP
sorry for all my confusion. Thanks to EVERYONE who responded !
the support is greatly appreciated.
Ted
> >
> > --
> > Cheers,
> > Maxim Vexler (hq4ever).
> >
> > Do u GNU ?
> >
> > __ ____ ____ ____ ____ ____ ____ ____ ____ ____
> > Redhat-install-list mailing list
> > Redhat-install-list@(protected)
> > https://www.redhat.com/mailman/listinfo/redhat-install-list
> > To Unsubscribe Go To ABOVE URL or send a message to:
> > redhat-install-list-request@(protected)
> > Subject: unsubscribe
>
>
--
Ted Potter
tpotter@(protected)
__ ____ ____ ____ ____ ____ ____ ____ ____ ____
Redhat-install-list mailing list
Redhat-install-list@(protected)
https://www.redhat.com/mailman/listinfo/redhat-install-list
To Unsubscribe Go To ABOVE URL or send a message to:
redhat-install-list-request@(protected)
Subject: unsubscribe
|
|
|