iptables how to close mysql port 3306

Ted Potter tpotter at techmarin.com
Mon Apr 3 22:39:34 UTC 2006


On 4/3/06, Ted Potter <tpotter at techmarin.com> wrote:
> On 4/3/06, A. Khattri <ajai at bway.net> wrote:
> > On Mon, 3 Apr 2006, Ted Potter wrote:
> >
> > > To make it fun, no I can not install anything. No there is no GUI.
> > > Everything I do must be from
> > > the command line on the box. Bout the only blessing is I can ssh in to the
> > > box as root.
> > >
> > > Thanks for any who care to play and share.
> > >
> > > PS
> > >
> > > I tried the following:
> > >
> > > iptables -A INPUT -p tcp -d 3306 -j REJECT
> > >
> > > then I see
> > >
> > > iptables --list
> > > REJECT tcp -- anywhere 0.0.12.234 reject-wthi icmp-port-unreachable
> > >
> > > and I can still log on to the server remotely.
> >
> > Much easier to edit /etc/my.cnf and tell MySQL to not use networking
> > (skip-networking) or tell it to listen on 127.0.0.1 (bind-address).
>
>
> Thanks for the tip, however I can find no such file on the server. Darn it
> that would have been a sweet fix.
>
> Thank you !
>
> Ted

ok so I tried this
# iptables -A INPUT -p tcp  -dports 3306 -j DROP
Bad argument 3306
#
huh ? the manual states -dports is a valid alias for --destination-ports

OK so
[root at d7148 bin]# iptables -A INPUT -p tcp  -dports 3306 -j DROP
Bad argument `3306'
Try `iptables -h' or 'iptables --help' for more information.
[root at d7148 bin]# iptables -A INPUT -p tcp  --dports 3306 -j DROP
iptables v1.2.8: Unknown arg `--dports'
Try `iptables -h' or 'iptables --help' for more information.
[root at d7148 bin]#
[root at d7148 bin]# iptables -A INPUT -p tcp  --destination-ports  3306 -j DROP
iptables v1.2.8: Unknown arg `--destination-ports'
Try `iptables -h' or 'iptables --help' for more information.
[root at d7148 bin]# iptables -A INPUT -p tcp  -destination-ports  3306 -j DROP
Bad argument `3306'
Try `iptables -h' or 'iptables --help' for more information.

Any other ideas ? - for now I am going to find a cli interface that might help
get this done.
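
Added example, not part of the original message: a shell script showing why the `-d 3306` rule was listed with destination 0.0.12.234 (`-d` takes an address, and 3306 read as one 32-bit integer is that address) and what a port match looks like with `--dport`, the singular option of the tcp match; the plural `--dports` / `--destination-ports` belong to `-m multiport`. The function names, the loopback exception and the choice of `-I INPUT 1` are assumptions made for this example.

```shell
#!/bin/sh
# Added example (constructed for illustration); not from the original thread.

# A bare number given to -d is taken as an IPv4 address written as a
# single 32-bit integer. Reproduce that conversion to dotted-quad form.
int_to_ipv4() {
    n=$1
    echo "$(( (n >> 24) & 255 )).$(( (n >> 16) & 255 )).$(( (n >> 8) & 255 )).$(( n & 255 ))"
}

# Print, in the order they should be run, the commands that close a TCP
# port to remote hosts. Nothing is executed here, so the output can be
# reviewed first and then piped to sh as root.
close_tcp_port_cmds() {
    port=$1
    # Accept digits only; this also rejects a stray word such as "ports".
    case $port in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || {
        echo "invalid port: $port" >&2
        return 1
    }
    # -I INPUT 1 places the rule ahead of any earlier ACCEPT rule;
    # -A appends, so an existing ACCEPT above it would still win.
    echo "iptables -I INPUT 1 -p tcp --dport $port -j DROP"
    # Inserted second, so it ends up first: loopback TCP clients keep working.
    echo "iptables -I INPUT 1 -i lo -p tcp --dport $port -j ACCEPT"
}

# Single-dash "-dports 3306" is parsed as "-d" with the value "ports",
# which leaves 3306 as a stray argument: hence "Bad argument `3306'".
echo "-d 3306 is read as destination address $(int_to_ipv4 3306)"
close_tcp_port_cmds 3306
```

After applying the printed commands, `iptables -L INPUT -n --line-numbers` should show `tcp dpt:3306` on both rules, with the loopback ACCEPT above the DROP.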




More information about the Redhat-install-list mailing list