iptables how to close mysql port 3306

Ted Potter tpotter at techmarin.com
Tue Apr 4 08:49:49 UTC 2006


On 4/4/06, Andrew Kelly <akelly at corisweb.org> wrote:
> On Tue, 2006-04-04 at 01:28 +0200, Maxim Vexler wrote:
> > On 4/4/06, Ted Potter <tpotter at techmarin.com> wrote:
> > > On 4/3/06, Ted Potter <tpotter at techmarin.com> wrote:
> > > > On 4/3/06, A. Khattri <ajai at bway.net> wrote:
> > > > > On Mon, 3 Apr 2006, Ted Potter wrote:
> > > > >
> > > > > > > To make it fun, no I can not install anything. No there is no GUI.
> > > > > > > Everything I do must be from
> > > > > > the command line on the box. Bout the only blessing is I can ssh in to the
> > > > > > box as root.
> > > > > >
> > > > > > Thanks for any who care to play and share.
> > > > > >
> > > > > > PS
> > > > > >
> > > > > > I tried the following:
> > > > > >
> > > > > > iptables -A INPUT -p tcp -d 3306 -j REJECT
> > > > > >
> > > > > > then I see
> > > > > >
> > > > > > iptables --list
> > > > > > REJECT tcp -- anywhere 0.0.12.234 reject-wthi icmp-port-unreachable
> > > > > >
> > > > > > and I can still log on to the server remotely.
> > > > >
> > > > > Much easier to edit /etc/my.cnf and tell MySQL to not use networking
> > > > > (skip-networking) or tell it to listen on 127.0.0.1 (bind-address).
> > > >
> > > >
> > > > Thanks for the tip, however I can find no such file on the server. Darn it
> > > > that would have been a sweet fix.
> > > >
> > > > Thank you !
> > > >
> > > > Ted
> > >
> > > ok so I tried this
> > > # iptables -A INPUT -p tcp  -dports 3306 -j DROP
> > > Bad argument 3306
> > > #
> > > huh ? the manual states -dports is a valid alias for --destination-ports
> > >
> > > OK so
> > > [root at d7148 bin]# iptables -A INPUT -p tcp  -dports 3306 -j DROP
> > > Bad argument `3306'
> > > Try `iptables -h' or 'iptables --help' for more information.
> > > [root at d7148 bin]# iptables -A INPUT -p tcp  --dports 3306 -j DROP
> > > iptables v1.2.8: Unknown arg `--dports'
> > > Try `iptables -h' or 'iptables --help' for more information.
> > > [root at d7148 bin]#
> > > [root at d7148 bin]# iptables -A INPUT -p tcp  --destination-ports  3306 -j DROP
> > > iptables v1.2.8: Unknown arg `--destination-ports'
> > > Try `iptables -h' or 'iptables --help' for more information.
> > > [root at d7148 bin]# iptables -A INPUT -p tcp  -destination-ports  3306 -j DROP
> > > Bad argument `3306'
> > > Try `iptables -h' or 'iptables --help' for more information.
> > >
> > > Any other ideas ? - for now I am going to find a cli interface that might help
> > > get this done.
> > >
> >
> > For tcp it's [-dport] && [--destination-port], that is, no ('s) at the end.
> > Other than that the filter looks OK.
>
> No, no, dports and destination-ports were correct. The problem is that
> a double hyphen is required and appears to have been forgotten.
>
>         --dports and NOT -dports
>
> Andy
>
> >
> > HTH

and the winner is !
iptables -A INPUT -p tcp  --destination-port 3306 -j DROP

sorry for all my confusion. Thanks to EVERYONE who responded !
the support is greatly appreciated.

Ted




> >
> > --
> > Cheers,
> > Maxim Vexler (hq4ever).
> >
> > Do u GNU ?
> >


--
Ted Potter
tpotter at techmarin.com
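
Added example (not part of the original thread): a shell check over constructed `iptables -L INPUT -n` listings that shows why the first attempt, `-d 3306`, was listed as destination 0.0.12.234 instead of a port match, and whether an appended DROP for port 3306 is actually reached. The function names `int_to_addr` and `port_verdict` and the sample listings are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Listings are constructed samples in
# `iptables -L INPUT -n` format. Live use: iptables -L INPUT -n | port_verdict 3306

# A bare number after -d is taken as a 32-bit IPv4 address, not a port.
int_to_addr() {
    n=$1
    echo "$(( (n >> 24) & 255 )).$(( (n >> 16) & 255 )).$(( (n >> 8) & 255 )).$(( n & 255 ))"
}

# Print the target of the first rule that matches every TCP packet to PORT
# (any source, any destination), or POLICY if no rule does. Rules with other
# conditions (state, specific addresses) are skipped. Note: plain -L output
# hides interface matches, so an `-i lo` rule looks unconditional here.
port_verdict() {
    awk -v port="$1" '
        $1 == "Chain" || $1 == "target" || NF < 5 { next }
        $2 != "tcp" && $2 != "all" { next }
        $4 != "0.0.0.0/0" || $5 != "0.0.0.0/0" { next }
        {
            extra = ""
            for (i = 6; i <= NF; i++) extra = extra (i > 6 ? " " : "") $i
            sub(/ ?reject-with .*$/, "", extra)
            if (extra == "" || extra == "tcp dpt:" port) { print $1; found = 1; exit }
        }
        END { if (!found) print "POLICY" }
    '
}

HDR='Chain INPUT (policy ACCEPT)
target     prot opt source               destination'
# The first attempt on the page: -d 3306 became a destination address.
WRONG="$HDR
REJECT     tcp  --  0.0.0.0/0            0.0.12.234          reject-with icmp-port-unreachable"
# The working rule appended after a state rule and an SSH accept.
GOOD="$HDR
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:3306"
# Same rule appended behind an accept-all: -A puts it where it never runs.
SHADOWED="$HDR
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:3306"

for s in "$WRONG" "$GOOD" "$SHADOWED"; do
    printf '%s\n' "$s" | port_verdict 3306
done
echo "-d 3306 means destination $(int_to_addr 3306)"
```

If the verdict is ACCEPT or the name of another chain, the DROP sits behind a rule that decides first; placing it earlier with `iptables -I INPUT` instead of `-A` puts it ahead of that rule.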



