I have a Debian box with Webmin and MySQL on.
I am using this box purely as a MySQL server.
I want to restrict access to port 3306 only from certain IPs and block all other services to all other IPs.
I also need to allow my IP full access to all services on the server so I always have access to the server.
I am new to iptables and not too sure how to setup.
Can someone work out the iptable set of commands to use for this??
This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.
Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.
If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.
Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.
Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.
Access the answers to your technology questions today.
30-day free trial. Register in 60 seconds.
Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.
Try it out and discover for yourself.
30-day free trial. Register in 60 seconds.
Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.
In debian I use following commands due to distro haven't startup script by default for restoring firewall rules:
iptables-save > /etc/iptables.rules
echo "#\!/bin/sh" >> /etc/network/if-pre-up.d/i
echo "/sbin/iptables-restore /etc/iptables.rules" >> /etc/network/if-pre-up.d/i
chmod a+x /etc/network/if-pre-up.d/i
first line will save your iptables rules to file, other 3 will create starttup script for autorestoring rules on boot.
Business Accounts
Answer for Membership
by: koffuPosted on 2009-08-25 at 14:42:48ID: 25182593
first of all you must read iptables tutorial at http://iptables-tutorial.f
in base you may setup limited access from incoming side, but full access to outgoing side. You should run this commands from root or via sudo without quotes " " !
first of all allow traffic through loopback:
"iptables -A INCOMING -i lo -j ACCEPT"
allow ip AAA.BBB.CCC.DDD to make connections to your 3306 port (mysql):
"iptables -A INCOMING -s AAA.BBB.CCC.DDD -p tcp --dport 3306 -j ACCEPT"
you must repeat this command for all your trusted IPs.
allow webmin (as I remember it run on 10000 port):
"iptables -A INCOMING -p tcp --dport 10000 -j ACCEPT"
allow incoming DNS traffic from your DNS servers which defined in /etc/resolv.conf after nameserver
"cat /etc/resolv.conf | grep nameserver"
"iptables -A INCOMING -s AAA.BBB.CCC.DDD -p udp --sport 53"
you should run this command for all DNS nameservers in /etc/resolv.conf.
after this make final steps to drop all undefined traffic:
"iptables -P INCOMING DROP"
This settings will kept until reboot. You can view or modify your rules with following commands:
view: iptables -L -n -v --line-numbers
delete one rule: iptables -D INCOMING XX -XX will be rule position with previous command
delete all rules: iptables -F -after this you should add new rules or change default policy to allow traffic (are you not forget we maked this in last? ) with iptables -P INCOMING ACCEPT.
Which linux distro you using? I will help you to save your work through reboots.