Firewall 3306 but still allow remote access? Possible?

jols

Well-Known Member
Mar 13, 2004
1,110
3
168
I would like to take 3306 out of the TCP IN list in the firewall. But at the same time, I would like to grant access via particular IPs using the Allowed Hosts list in the vsite's cPanel. Possible?

Is there some way to open access to 3306 just for specific IPs, but firwalling them down for others, when it comes to remote access?

Thanks for any response on this one.
 

mickalo

Well-Known Member
Apr 16, 2002
782
5
318
N.W. Iowa
I would like to take 3306 out of the TCP IN list in the firewall. But at the same time, I would like to grant access via particular IPs using the Allowed Hosts list in the vsite's cPanel. Possible?

Is there some way to open access to 3306 just for specific IPs, but firwalling them down for others, when it comes to remote access?

Thanks for any response on this one.
if your using the CSF firewall, in the csf.allow file you can use the following formats:
Code:
out:d=3306:d=REMOTE_IP_ADDR
tcp:in:d=3306:s=YOUR_IP_ADDR
the 'out' allows you to access a remote IP server from your server, the "tcp:in" allows you access to your server from a remote location using your IP address. You must also make sure that the remote and local MySQL privileges are setup too allow access via the IP's too the user connecting to the MySQL server.

Mickalo
 

jols

Well-Known Member
Mar 13, 2004
1,110
3
168
Thanks very much for the info. But should'nt this be?:

out:d=3306:d=SERVER_IP_ADDR
tcp:in:d=3306:s=REMOTE_IP_ADDR