How to limit MySQL port access to a specific network
The MySQL service port is not meant to be accessible to the outside world, as exposing it is a security concern for the administrator.
Although the MySQL server (mysqld) has a built-in mechanism to deny access from unauthorized IP addresses, that mechanism does not protect the server from being overwhelmed by multiple malicious requests or from a buffer overflow attack directed at it.
One solution is to limit MySQL port access to a trusted network using iptables.
This assumes your trusted network has addresses within the range 192.168.1.1-192.168.1.254:
iptables -A INPUT -i eth0 -p tcp -s 192.168.1.0/24 --dport 3306 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 3306 -m state --state ESTABLISHED -j ACCEPT
MySQL server (mysqld) uses port 3306.
Note: Always treat the internet as an untrusted network!
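The ACCEPT rules above limit access only if other traffic to port 3306 is dropped, either by the INPUT chain policy or by an explicit rule. The following check is an added example, not part of the original post: it reads `iptables -S INPUT` output and reports whether port 3306 is really limited to the trusted network. The names `audit_mysql_port` and `sample_rules`, the result words and the sample rule listing are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Reads `iptables -S INPUT` output on
# stdin and reports whether TCP port 3306 is limited to the trusted network in $1.
# Assumptions: only rules naming --dport 3306 or catch-all rules (no match at
# all) are evaluated; state matches, interfaces and user chains are ignored.
audit_mysql_port() {
    awk -v trusted="$1" '
    BEGIN { policy = "ACCEPT" }            # assume the worst if no -P line is seen
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 != "-A" || $2 != "INPUT" { next }
    {
        src = ""; dport = ""; target = ""; other = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-s")           { src = $(i + 1); i++ }
            else if ($i == "--dport") { dport = $(i + 1); i++ }
            else if ($i == "-j")      { target = $(i + 1); break }
            else                      { other++ }
        }
        if (target != "ACCEPT" && target != "DROP" && target != "REJECT") next
        if (dport != "3306" && (dport != "" || other > 0)) next
        # First matching rule wins, evaluated separately for each kind of source.
        if ((src == "" || src == trusted) && tv == "") tv = target
        if (src == "" && uv == "") uv = target
        if (src != "" && src != trusted && uv == "" && target == "ACCEPT") extra = extra " " src
    }
    END {
        if (uv == "") uv = policy          # nothing matched: chain policy decides
        if (tv == "") tv = policy
        if (uv == "ACCEPT")      result = "EXPOSED"
        else if (extra != "")    result = "WIDER:" extra
        else if (tv != "ACCEPT") result = "BLOCKED"
        else                     result = "RESTRICTED"
        print result
        exit (result != "RESTRICTED")
    }'
}

# Constructed sample: the INPUT rule from the post on a host whose policy is ACCEPT.
sample_rules() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -s 192.168.1.0/24 -i eth0 -p tcp -m tcp --dport 3306 -m state --state NEW,ESTABLISHED -j ACCEPT
EOF
}

sample_rules | audit_mysql_port 192.168.1.0/24 || true   # prints EXPOSED
```

On a live host, run it as root with `iptables -S INPUT | audit_mysql_port 192.168.1.0/24`; any result other than RESTRICTED returns a non-zero exit status.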