Remote MySQL

Portal Home > Knowledgebase > Articles Database > Remote MySQL

Posted by tetrahost, 10-06-2011, 06:45 AM
Guys, i want to disable remote mysql access for the whole world and whitelist only one server IP so that the whitelist server IP is only able to connect my mysql server. Note, im using CSF as my firewall. Please help me with this.
Posted by web-project, 10-06-2011, 07:03 AM
either disable the 3306 port or better modify the /etc/my.cnf and add the following lines:
Posted by tetrahost, 10-06-2011, 07:13 AM
i know this but what about white-listing a remote server IP?
Posted by almanox, 10-06-2011, 07:49 AM
disable port 3306 (it will be closed for all but whitelisted), and whitelist your single IP
Posted by brianoz, 10-06-2011, 07:53 AM
Almanox is right ... The steps for CSF are: Remove 3306 from the TCP_IN list in /etc/csf/csf.conf if it is thereRun "csf -a IP" where IP is the IP you want to allow, or add it to /etc/csf/csf.allow You may also want to look at enabling port knocking for port 3306 - it's a great way to allow a dynamic IP to securely access a blocked port.
Posted by tetrahost, 10-07-2011, 03:21 AM
thanks almanox and brianoz, im trying these now
Posted by SPaReK, 10-07-2011, 09:26 AM
I would recommend csf -a 'tcp|in|d=3306|s=xx.xx.xx.xx' instead of csf -a xx.xx.xx.xx The latter will allow access into all ports from the IP address xx.xx.xx.xx but the former will only allow access to port 3306, the MySQL port.