使用IPTABLES将MySQL 3306端口限制为localhost

本文介绍了使用IPTABLES将MySQL 3306端口限制为localhost的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

我试图限制Linux机器上的MySQL 3306端口与本地主机以外的其他任何主机建立连接，以防止外部攻击.我有以下代码，我不确定是否正确:

I am trying to restrict MySQL 3306 port on a linux machine from making any connections to anything other than localhost to prevent outside attacks. i have the following code, i am not sure if it's correct:

iptables -A INPUT -p tcp -s localhost --dport 3306 -j ACCEPT iptables -A OUTPUT -p tcp -s localhost --dport 3306 -j ACCEPT iptables -A INPUT -p tcp --dport 3306 -j DROP iptables -A OUTPUT -p tcp --dport 3306 -j DROP

我的另一个问题是-仅授予本地主机访问权限是否正确?这是一个标准的专用centos网络服务器，上面有30多个域.

my other question is - is it correct to only give localhost access? this is a standard dedicated centos webserver with more than 30 domains on it.

推荐答案

为什么不只关闭与MySQL的联网?

Why not just turn off networking with MySQL?

添加到myf:

skip-networking

通过强制通过管道进行的连接，它的性能改进也可以忽略不计，而跳过了用于网络部分的许多测试.请注意，更改后，您将需要使用localhost，而不是 127.0.0.1.

It's supposed to also give a negligible performance improvement by forcing connection through pipes, which skips over lots of tests used for the networking section. Please note you will need to use localhost, not 127.0.0.1, after the change.