iptables how to close mysql port 3306
Administrator TOOTAI
admin at tootai.net
Mon Apr 3 20:30:55 UTC 2006
Ted Potter wrote:
>
> Greetings,
>
> I have a machine with kernel 2.4.21-27.0.2.EL
>
> Can someone please provide the command line for using iptables to
> close off port 3306 so a remote mysql user can not attach to the mysql
> server running on this box.
>
> To make it fun, no I can not install anything. No there is no gui.
> Everything I do must be from the command line on the box. Bout the only
> blessing is I can ssh in to the box as root.
>
> Thanks for any who care to play and share.
>
> PS
>
> I tried the following:
>
> iptables -A INPUT -p tcp -d 3306 -j REJECT
>
> then I see
>
> iptables --list
> REJECT tcp -- anywhere 0.0.12.234 reject-with icmp-port-unreachable
>
> and I can still log on to the server remotely.
>
>
> Thanks again.
> (because it is Monday after 4-1 and the joker decided to wait!)
Hi Ted,
The best, if you don't want that user to connect to mysql, is ... to stop
the service ;-)
The rule you give with -d is for an IP address, not a port. It's --dport
you have to use. The best start for your iptables rules is dropping
everything and then opening what you need.
Ex:
IPTABLES=/sbin/iptables   # path of the binary the rules below call
# Flush all Rules
$IPTABLES -F
$IPTABLES -X
$IPTABLES -t nat -F
$IPTABLES -t nat -X
$IPTABLES -t mangle -F
$IPTABLES -t mangle -X
# Deny all by default
$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT DROP
$IPTABLES -P FORWARD DROP
<Your rules for opening address/ports here>
--
Daniel
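The full version of Daniel's skeleton, as an added example that is not code from either poster: a default-deny ruleset that keeps SSH reachable, allows replies to accepted connections, and refuses new MySQL connections from the network with the corrected --dport rule. It assumes iptables at /sbin/iptables, SSH on tcp/22 and the state match (ip_conntrack) being available, which it is on a 2.4 kernel; none of these assumptions come from the thread. DRY_RUN=1 (the default) prints the commands instead of running them, so the ruleset can be reviewed before it is applied.

```shell
#!/bin/sh
# Added example for this thread (not Daniel's or Ted's code): a default-deny
# ruleset that keeps SSH open and refuses remote MySQL on tcp/3306.
# Assumptions (not from the thread): iptables at /sbin/iptables, SSH on tcp/22,
# the state match (ip_conntrack) loaded. DRY_RUN=1 prints, DRY_RUN=0 applies.

IPTABLES="${IPTABLES:-/sbin/iptables}"
DRY_RUN="${DRY_RUN:-1}"
SSH_PORT="${SSH_PORT:-22}"
MYSQL_PORT=3306

# valid_port PORT: succeed only for an integer in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# run_rule ARGS...: print the full command in dry-run mode, else execute it.
run_rule() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s %s\n' "$IPTABLES" "$*"
    else
        "$IPTABLES" "$@"
    fi
}

# mysql_block_rule: the corrected form of the rule from the question.
# "-d 3306" was parsed as a destination *address* (hence 0.0.12.234 in the
# listing); "--dport 3306" matches the destination *port*. tcp-reset makes
# the client see "connection refused" at once instead of waiting for a timeout.
mysql_block_rule() {
    printf -- '-A INPUT -p tcp --dport %s -j REJECT --reject-with tcp-reset\n' "$MYSQL_PORT"
}

# firewall_apply: flush, set DROP policies, then open only what is needed.
firewall_apply() {
    valid_port "$SSH_PORT" || { echo "bad SSH_PORT: $SSH_PORT" >&2; return 1; }
    if [ "$DRY_RUN" != "1" ] && [ "$(id -u)" -ne 0 ]; then
        echo "must be root to change iptables rules" >&2
        return 1
    fi
    # Flush every table and delete user-defined chains
    run_rule -F
    run_rule -X
    run_rule -t nat -F
    run_rule -t nat -X
    run_rule -t mangle -F
    run_rule -t mangle -X
    # Deny all by default
    run_rule -P INPUT DROP
    run_rule -P OUTPUT DROP
    run_rule -P FORWARD DROP
    # Loopback stays open, so a local client can still reach mysqld on 127.0.0.1
    run_rule -A INPUT -i lo -j ACCEPT
    run_rule -A OUTPUT -o lo -j ACCEPT
    # Packets belonging to connections that were already accepted
    run_rule -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    run_rule -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # The one service that must stay reachable from outside: SSH
    run_rule -A INPUT -p tcp --dport "$SSH_PORT" -m state --state NEW -j ACCEPT
    # Refuse new MySQL connections from the network. The INPUT policy would
    # drop them anyway; the explicit REJECT makes the intent visible in -L.
    # Unquoted on purpose: the rule string is split into separate arguments.
    run_rule $(mysql_block_rule)
}

firewall_apply
```

Two caveats when applying this for real. Flushing the rules does not clear the connection tracking table, so a remote MySQL session that is already open keeps matching the ESTABLISHED rule until it closes; if current sessions must go too, restart mysqld after loading the rules (Daniel's "stop the service" remark covers that case). And because the OUTPUT policy is DROP and only replies are allowed out, the box itself can no longer open new outbound connections (DNS, yum, outgoing ssh) until matching OUTPUT rules are added in the "open what you need" step.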