|||
BSD n00b needs to block incoming SQL on 3306
Hi, I suppose an introduction is necessary. I'm a long-time Linux admin but one of my customers has BSD boxes. I've figured most everything out except IPFW. Every time I try to implement it, I lock myself out of the server. I've followed 2 or 3 tutorials on setting up an all-open firewall that you can close down to whatever you want, but I always lock out all connections to all ports.
I just need to limit connections to port 3306 to a handful of IPs. What is the best way to go about this? Thank you very much for your help.
|
|||
I haven't done IPFW in years but I think it's something like this
Code:
# Allow a few (ipfw acts on the first rule that matches, so this goes before the deny)
ipfw add allow tcp from <ip>,<ip> to any 3306 in via <interface>
# Block everyone else
ipfw add deny all from any to any 3306 in via <interface>
|
|||
Or, a quick simple fix to /etc/hosts.allow
Code:
mysqld : 192.168.1.0/24 : allow
mysqld : ALL : deny

* DISCLAIMER: I'm presently at work, exactly 36 miles away from my BSD system, and connection to said system is down due to a rather unusual (for Arizona anyways) rain storm. So uhh, I can't test the above. It's either mysqld or mysql.

Don't forget to comment out the ALL : ALL : allow line at the top of the file, or you'll completely override anything you set below that and scratch your head for hours trying to figure out why it doesn't work when "it should."

Also, be sure to restart mysqld after the above change. Oh - and of course, change 192.168.1.0/24 to whatever your config is.
__________________
I just saved a bunch of money on my car insurance by fleeing the scene of the accident!
|
|||
phoenix is correct, I ran into the same problem myself and was quite annoyed to find that this 'hidden' rule wasn't mentioned by quite a few different resources. You can either follow the steps that phoenix has given or if you are loading ipfw via kldload you should use the following
Code:
kldload ipfw && ipfw -q add 65000 allow all from any to any
Code:
firewall_enable="YES"
firewall_type="open"
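
Added example, not part of the thread or any poster's reply: a dry-run generator for an ipfw rule set that restricts port 3306 to a few addresses while keeping the catch-all rule 65000 from the post above. The script name, rule numbers 1000/1100, the em0 interface and the 192.0.2.x sample addresses are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. Prints (does not apply) ipfw commands
# that limit tcp/3306 to an allow-list. Rule numbers 1000/1100, the em0
# interface and the 192.0.2.x addresses in the usage line are assumptions.
# usage: sh mysql_rules.sh em0 192.0.2.10 192.0.2.11

# build_rules IFACE IP [IP...] : one ipfw command per line on stdout
build_rules() {
    iface=$1
    if [ -z "$iface" ] || [ $# -lt 2 ]; then
        # Refuse to emit a deny rule when there is no allow-list.
        echo "usage: build_rules IFACE IP [IP...]" >&2
        return 1
    fi
    shift
    case $iface in
        *[!A-Za-z0-9_]*) echo "bad interface: $iface" >&2; return 1 ;;
    esac
    list=
    for ip in "$@"; do
        # Coarse check: only digits, dots and "/" (IPv4 address or CIDR).
        # The output is meant to be piped to sh, so nothing else gets through.
        case $ip in
            ''|*[!0-9./]*) echo "bad address: $ip" >&2; return 1 ;;
        esac
        list=${list:+$list,}$ip
    done
    # ipfw acts on the first rule that matches, so the allow gets the lower
    # number and the deny for everyone else follows it.
    echo "ipfw -q add 1000 allow tcp from $list to any 3306 in via $iface"
    echo "ipfw -q add 1100 deny tcp from any to any 3306 in via $iface"
    # Catch-all from the thread: anything not matched above would otherwise
    # fall through to ipfw's built-in last rule, which denies by default.
    echo "ipfw -q add 65000 allow all from any to any"
}

if [ $# -gt 0 ]; then
    build_rules "$@"
fi
```

Review the printed rules first, then pipe them to `sh` as root from the console or from a session you can afford to lose.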
|
|||
I would personally go for PF. I find it much simpler to configure, and the user base / examples on the net seem to be larger.