How can DROP 3306 port to all, and open for specifics IPs ?

I installed in my droplet mariadb and configure the ufw firewall:

# ufw allow from Ip.Slave.Server to any port 3306
# ufw allow from Ip.Second.Slave.Server to any port 3306
# ufw status
22/tcp                     ALLOW       Anywhere                  
3306/tcp                   ALLOW       Ip.Slave.Ser.ver              
3306/tcp                   ALLOW       Ip.Second.Slave.Server             
80/tcp                     ALLOW       Anywhere                  
443/tcp                    ALLOW       Anywhere                  
22/tcp (v6)                ALLOW       Anywhere (v6)             
80/tcp (v6)                ALLOW       Anywhere (v6)             
443/tcp (v6)               ALLOW       Anywhere (v6) 

But I’m in my House (IP is different of Slave Server and Second Slave server), I can see the port open and make connection :(, Why? … I shouldn’t connect.

# nmap -sT -P0 -p 3306
3306/tcp open  mysql

I need close the connection to 3306 for all, and only open for the Specifics IP (Slave and SeconSlave) !


Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

Hi @siegroupmx,

The same topic has been discussed in the following Community Question - Block port 3306

Let me summarize it, you’ll need to manually deny traffic to the port and then allow only your IP on the said port. In ohter words, you’l need to do this

sudo ufw deny 3306/tcp

then allow your IP to your server

sudo ufw allow from Your.IP.Address to any port 3306 proto tcp

That’s it!

Regards, KDSYS