mysql + iptables = yay from remote server!

jpeacock

Member
May 17, 2006
12
0
151
so, i'm trying to allow a remote connection from another server, but don't want to completely open up port 3306 to the outside world. I'd rather reject at the firewall than reject using mysql's invalid login response.

here's what i have so far but it doesn't come back as valid :
Code:
-A INPUT -p tcp -s some.ip.address --dport 3306 -m state --state NEW -j ACCEPT
i can't seem to figure out how to allow INPUT and OUTPUT access from a specific IP for a specific port. could anyone shed some light on what I need to do?
 

chirpy

Well-Known Member
Verifed Vendor
Jun 15, 2002
13,437
31
473
Go on, have a guess
You need to make sure the rule is higher up in the chain from the block on port 3306 so use -I instead of -A, other than that the format you have should be OK. This works:
Code:
iptables -I INPUT -p tcp -s 11.22.33.44 --dport 3306 -m state --state NEW -j ACCEPT