How can I DROP port 3306 for all, and open it for specific IPs?

November 14, 2019
MySQL

I installed MariaDB on my droplet and configured the ufw firewall:

# ufw allow from Ip.Slave.Server to any port 3306
# ufw allow from Ip.Second.Slave.Server to any port 3306
# ufw status
22/tcp                     ALLOW       Anywhere                  
3306/tcp                   ALLOW       Ip.Slave.Ser.ver              
3306/tcp                   ALLOW       Ip.Second.Slave.Server             
80/tcp                     ALLOW       Anywhere                  
443/tcp                    ALLOW       Anywhere                  
22/tcp (v6)                ALLOW       Anywhere (v6)             
80/tcp (v6)                ALLOW       Anywhere (v6)             
443/tcp (v6)               ALLOW       Anywhere (v6) 

But I’m at my house (my IP is different from the Slave Server and Second Slave Server), and I can see the port open and make a connection :( Why? I shouldn’t be able to connect.

# nmap -sT -P0 -p 3306 ip.my.droplet
3306/tcp open  mysql

I need to close the connection to 3306 for all, and only open it for the specific IPs (Slave and Second Slave)!

Regards!

1 Answer

Hi @siegroupmx,

The same topic has been discussed in the following Community Question - Block port 3306

Let me summarize it: you’ll need to manually deny traffic to the port and then allow only your IP on the said port. In other words, you’ll need to do this:

sudo ufw deny 3306/tcp

then allow your IP to your server

sudo ufw allow from Your.IP.Address to any port 3306 proto tcp

That’s it!

Regards,
KDSYS
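
An added example, not part of the original thread: ufw checks rules in order and the first match wins, so this script applies that ordering to `ufw status` rule lines to show which source reaches port 3306. The `ufw_verdict` and `show` helpers and the 203.0.113.10 / 198.51.100.7 addresses are constructed for illustration, and only IPv4 rules with an exact-address or Anywhere source are handled.

```sh
#!/bin/sh
# Added example. Simplifications (assumptions): IPv4 rules only, sources are
# "Anywhere" or one exact address (no CIDR), inbound rules only.

# ufw_verdict PORT SRC_IP   (reads `ufw status` rule lines on stdin)
# Prints the action of the first matching rule, or "default" when no rule
# matches and the default incoming policy applies.
ufw_verdict() {
  awk -v port="$1" -v src="$2" '
    /\(v6\)/                            { next }  # IPv6 rule
    $2 !~ /^(ALLOW|DENY|REJECT|LIMIT)$/ { next }  # header or status line
    $1 != port && $1 != (port "/tcp")   { next }  # rule for another port
    $3 == "Anywhere" || $3 == src       { print $2; found = 1; exit }
    END { if (!found) print "default" }
  '
}

# Constructed rule lines. 203.0.113.10 stands in for the slave server and
# 198.51.100.7 for an unrelated client (both are documentation addresses).
SLAVE=203.0.113.10
OTHER=198.51.100.7

# Order produced by running the deny first and the allow second.
DENY_FIRST='3306/tcp                   DENY        Anywhere
3306/tcp                   ALLOW       203.0.113.10'

# Order produced by adding the allow before the deny.
ALLOW_FIRST='3306/tcp                   ALLOW       203.0.113.10
3306/tcp                   DENY        Anywhere'

# Allow rules only, shaped like the `ufw status` output in the question.
ALLOW_ONLY='22/tcp                     ALLOW       Anywhere
3306/tcp                   ALLOW       203.0.113.10'

# show LABEL RULES SRC_IP: print the verdict for one source address.
show() {
  printf '%-12s %-14s -> %s\n' "$1" "$3" \
    "$(printf '%s\n' "$2" | ufw_verdict 3306 "$3")"
}
show deny-first  "$DENY_FIRST"  "$SLAVE"
show allow-first "$ALLOW_FIRST" "$SLAVE"
show allow-first "$ALLOW_FIRST" "$OTHER"
show allow-only  "$ALLOW_ONLY"  "$OTHER"
```

A `default` result means no rule matched, so ufw's default incoming policy decides; `sudo ufw status verbose` shows that policy and `sudo ufw status numbered` shows the rule order on a live host.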
