Portal Home > Knowledgebase > Articles Database > Remote MySQL
Remote MySQL
Posted by tetrahost, 10-06-2011, 06:45 AM |
Guys, i want to disable remote mysql access for the whole world and whitelist only one server IP so that the whitelist server IP is only able to connect my mysql server.
Note, im using CSF as my firewall.
Please help me with this.
|
Posted by web-project, 10-06-2011, 07:03 AM |
either disable the 3306 port
or better modify the /etc/my.cnf
and add the following lines:
|
Posted by tetrahost, 10-06-2011, 07:13 AM |
i know this but what about white-listing a remote server IP?
|
Posted by almanox, 10-06-2011, 07:49 AM |
disable port 3306 (it will be closed for all but whitelisted), and whitelist your single IP
|
Posted by brianoz, 10-06-2011, 07:53 AM |
Almanox is right ...
The steps for CSF are:
Remove 3306 from the TCP_IN list in /etc/csf/csf.conf if it is thereRun "csf -a IP" where IP is the IP you want to allow, or add it to /etc/csf/csf.allow
You may also want to look at enabling port knocking for port 3306 - it's a great way to allow a dynamic IP to securely access a blocked port.
|
Posted by tetrahost, 10-07-2011, 03:21 AM |
thanks almanox and brianoz, im trying these now
|
Posted by SPaReK, 10-07-2011, 09:26 AM |
I would recommend
csf -a 'tcp|in|d=3306|s=xx.xx.xx.xx'
instead of
csf -a xx.xx.xx.xx
The latter will allow access into all ports from the IP address xx.xx.xx.xx but the former will only allow access to port 3306, the MySQL port.
|
Add to Favourites Print this Article
Also Read