using firewall to block port


 
# 1  
Old 02-16-2009

Hi,
I would like to allow access to the mysql port (3306) to certain IP addresses. All other IPs should be automatically blocked. What is the best way to do this?
# 2  
Old 02-16-2009
What OS does your mysql server run on?
# 3  
Old 02-16-2009
Red Hat Enterprise
# 4  
Old 02-17-2009
So you actually meant to say "Linux" :)

Try this (as root):
Code:
MYIPADDR=<the IP address you want to allow>

PATH=/sbin:$PATH
iptables -A INPUT -p tcp --dport 3306 -s $MYIPADDR -j ACCEPT
iptables -A INPUT -p tcp --dport 3306 -j REJECT
service iptables save

If you screw up, flush the rules and try again. Flush with:
Code:
iptables -F INPUT

# 5  
Old 02-17-2009
Hi,
I tried the following and it is working as expected. Thanks.

iptables -F INPUT
iptables -A INPUT -p tcp --dport 3306 -s $'172.29.0.2' -j ACCEPT
iptables -A INPUT -p tcp --dport 3306 -s $'172.29.0.1' -j ACCEPT
iptables -A INPUT -p tcp --dport 3306 -j REJECT
service iptables save

But I have to allow one IP address at a time. It does not accept a comma.
How do I add multiple IP addresses?
# 6  
Old 02-17-2009
Quote:
But I have to allow one IP address at a time. It does not accept a comma.
How do I add multiple IP addresses?

You did it right. If your IP addresses encompass a range, you can do a netmask, such as 172.29.0.0/24.

I don't know what the $ signs are for (in my example, they were for a shell variable)... take them out just in case.
# 7  
Old 02-17-2009
Either with
Code:
$ iptables -A INPUT -p tcp --dport 3306 -s '172.29.0.1/<cidr>' -j ACCEPT

or, if you have the iprange module with
Code:
$ iptables -A INPUT -p tcp --dport 3306 -m iprange --src-range <first ip>-<last-ip> -j ACCEPT
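
Added example, not part of any post in this thread: a shell function that turns a list of addresses or CIDR blocks into the ACCEPT-then-REJECT rule set discussed above. It validates each entry and uses a dedicated chain so that a rerun never appends an ACCEPT after an existing REJECT. The chain name MYSQL_ALLOW and both function names are assumptions made for this example; the function only prints the commands.

```shell
#!/bin/sh
# Added example: print (not run) an iptables allow-list for MySQL on tcp/3306.
# Review the output, then apply as root:  mysql_allowlist_rules ... | sh
CHAIN=MYSQL_ALLOW   # hypothetical chain name chosen for this example
PORT=3306

# Succeeds for a dotted-quad IPv4 address (no leading zeros), optional /0-32.
valid_source() {
    addr=${1%%/*}
    case $1 in */*) prefix=${1#*/} ;; *) prefix=32 ;; esac
    case $prefix in ''|*[!0-9]*|0[0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case $addr in *[!0-9.]*|.*|*.|*..*|0[0-9]*|*.0[0-9]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address into its octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

mysql_allowlist_rules() {
    # Validate everything first so a bad entry never yields a partial rule set.
    for src in "$@"; do
        valid_source "$src" || { echo "invalid source: $src" >&2; return 1; }
    done
    # Create the chain, or empty it if it exists, so reruns never stack rules.
    echo "iptables -N $CHAIN 2>/dev/null || iptables -F $CHAIN"
    for src in "$@"; do
        echo "iptables -A $CHAIN -s $src -j ACCEPT"
    done
    # Rules are matched top to bottom: the REJECT must come after every ACCEPT.
    echo "iptables -A $CHAIN -j REJECT"
    # Send port 3306 traffic to the chain, adding the jump only if it is absent.
    jump="INPUT -p tcp --dport $PORT -j $CHAIN"
    echo "iptables -C $jump 2>/dev/null || iptables -I $jump"
}
```

Once the printed commands have been applied, `service iptables save` persists them as in post #4.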
