iptables how to close mysql port 3306

Manuel Arostegui Ramirez manuel at todo-linux.com
Mon Apr 3 20:42:00 UTC 2006


On Monday 03 April 2006 22:30, Administrator TOOTAI wrote:
> Ted Potter wrote:
> > Greetings,
> >
> > have a machine with kernel  2.4.21-27.0.2.EL
> >
> > can someone please provide the command line for using iptables to
> > close off port 3306 so remote
> > mysql user can not attach to the mysqlserver running on this box.
> >
> > To make it fun, no I can not install anything. No there is no GUI.
> > Everything I do must be from
> > the command line on the box. Bout the only blessing is I can ssh in to
> > the box as root.
> >
> > Thanks for any who care to play and share.
> >
> > PS
> >
> > I tried the following:
> >
> > iptables -A INPUT -p tcp -d 3306 -j REJECT
> >
> > then I see
> >
> > iptables --list
> > REJECT tcp -- anywhere 0.0.12.234 <http://0.0.12.234> reject-wthi
> > icmp-port-unreachable
> >
> > and I can still log on to the server remotely.
> >
> >
> > Thanks again.
> > (because it is Monday after 4-1 and the joker decided to wait!)
>


Damn! I told him -d $port, instead of --dport $port, I'm sorry :-)
Ted, the option -d must be followed by the destination IP address; if you want
to specify a port, you have to use --dport $port

Regards.

Manu
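
Added example, not part of the original message or the posters' own code: it shows why the listing in the quoted mail has 0.0.12.234 as the destination (3306 read as a 32-bit address is 12*256 + 234), and checks a rule for that -d/--dport mix-up. The function names int_to_ip, lint_rule and port_reject_rule are made up for this illustration.

```shell
#!/bin/sh
# Added illustration; helper names are hypothetical, not from the thread.

# Convert a bare integer to the dotted quad it denotes as a 32-bit address.
int_to_ip() {
    n=$1
    echo "$(( (n >> 24) & 255 )).$(( (n >> 16) & 255 )).$(( (n >> 8) & 255 )).$(( n & 255 ))"
}

# Lint one rule, given as the arguments typed after "iptables".
# Returns 1 and prints a diagnosis when -d/-s is followed by a bare number,
# which is taken as an address rather than a port.
lint_rule() {
    prev=""
    for arg in "$@"; do
        case "$prev" in
            -d|--destination) hint="--dport" ;;
            -s|--source)      hint="--sport" ;;
            *)                hint="" ;;
        esac
        if [ -n "$hint" ]; then
            case "$arg" in
                ''|*[!0-9]*) ;;  # not a bare integer, nothing to flag
                *)
                    echo "$prev $arg matches address $(int_to_ip "$arg"), not a port; use $hint $arg"
                    return 1
                    ;;
            esac
        fi
        prev=$arg
    done
    echo "ok"
}

# Build the rule text in the form the reply describes (--dport, not -d).
port_reject_rule() {
    echo "iptables -A INPUT -p tcp --dport $1 -j REJECT"
}

# Demo: the rule from the quoted mail, then the corrected form.
lint_rule -A INPUT -p tcp -d 3306 -j REJECT || true
lint_rule -A INPUT -p tcp --dport 3306 -j REJECT
port_reject_rule 3306
```

The script only prints text and never calls iptables. Since -A appends, a rule added this way is evaluated after any rules already in the INPUT chain.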



