Firewall 3306 but still allow remote access? Possible?

[jols]

I would like to take 3306 out of the TCP IN list in the firewall. But at the same time, I would like to grant access via particular IPs using the Allowed Hosts list in the vsite's cPanel. Possible?

Is there some way to open access to 3306 just for specific IPs, but firwalling them down for others, when it comes to remote access?

Thanks for any response on this one.

 

[mickalo]

I would like to take 3306 out of the TCP IN list in the firewall. But at the same time, I would like to grant access via particular IPs using the Allowed Hosts list in the vsite's cPanel. Possible?

Is there some way to open access to 3306 just for specific IPs, but firwalling them down for others, when it comes to remote access?

Thanks for any response on this one.

if your using the CSF firewall, in the csf.allow file you can use the following formats:

out:d=3306:d=REMOTE_IP_ADDR
tcp:in:d=3306:s=YOUR_IP_ADDR

the 'out' allows you to access a remote IP server from your server, the "tcp:in" allows you access to your server from a remote location using your IP address. You must also make sure that the remote and local MySQL privileges are setup too allow access via the IP's too the user connecting to the MySQL server.

Mickalo

 

[jols]

Thanks very much for the info. But should'nt this be?:

out:d=3306:d=SERVER_IP_ADDR
tcp:in:d=3306:s=REMOTE_IP_ADDR

 

[mickalo]

Thanks very much for the info. But should'nt this be?:

out:d=3306:d=SERVER_IP_ADDR
tcp:in:d=3306:s=REMOTE_IP_ADDR

I guess it depends on the wording. but I believe yours is the same as I stated but terminology slightly different

Mickalo