How can I DROP port 3306 for all, and open it for specific IPs?

  • Posted November 14, 2019
  • MySQL

I installed MariaDB on my droplet and configured the ufw firewall:

# ufw allow from Ip.Slave.Server to any port 3306
# ufw allow from Ip.Second.Slave.Server to any port 3306
# ufw status
22/tcp                     ALLOW       Anywhere                  
3306/tcp                   ALLOW       Ip.Slave.Ser.ver              
3306/tcp                   ALLOW       Ip.Second.Slave.Server             
80/tcp                     ALLOW       Anywhere                  
443/tcp                    ALLOW       Anywhere                  
22/tcp (v6)                ALLOW       Anywhere (v6)             
80/tcp (v6)                ALLOW       Anywhere (v6)             
443/tcp (v6)               ALLOW       Anywhere (v6) 

But I’m at my house (my IP is different from the Slave Server and Second Slave Server), and I can see the port open and make a connection :( Why? … I shouldn’t be able to connect.

# nmap -sT -P0 -p 3306
3306/tcp open  mysql

I need to close connections to 3306 for everyone, and only open it for the specific IPs (Slave and Second Slave)!




Hi @siegroupmx,

The same topic has been discussed in the following Community Question - Block port 3306

Let me summarize it: you’ll need to manually deny traffic to the port and then allow only your IP on the said port. In other words, you’ll need to do this:

sudo ufw deny 3306/tcp

then allow your IP to your server

sudo ufw allow from Your.IP.Address to any port 3306 proto tcp

That’s it!

Regards, KDSYS
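
An added example (not part of the original thread, and not ufw's own code): ufw checks rules in listed order and the first match wins, so this Python script parses `ufw status` rows and reports what a given source IP gets on a port. The sample rows, the addresses and the `default` incoming-policy parameter are constructed assumptions.

```python
import ipaddress
import re

# Constructed `ufw status` rows (203.0.113.x / 198.51.100.x are documentation addresses).
DENY_FIRST = """\
22/tcp                     ALLOW       Anywhere
3306/tcp                   DENY        Anywhere
3306/tcp                   ALLOW       203.0.113.10
22/tcp (v6)                ALLOW       Anywhere (v6)
"""
ALLOW_FIRST = """\
22/tcp                     ALLOW       Anywhere
3306/tcp                   ALLOW       203.0.113.10
3306/tcp                   ALLOW       203.0.113.11
3306/tcp                   DENY        Anywhere
"""

ROW = re.compile(r"^(\d+)(?:/(tcp|udp))?\s+(ALLOW|DENY|REJECT|LIMIT)(?: IN)?\s+(\S+)$")


def parse_rules(status_text):
    """Return IPv4 rules as (port, proto, action, network), in listed order."""
    rules = []
    for line in status_text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header, blank and (v6) rows are skipped
        port, proto, action, src = m.groups()
        try:
            net = ipaddress.ip_network("0.0.0.0/0" if src == "Anywhere" else src, strict=False)
        except ValueError:
            continue  # source is not an address (e.g. a redacted placeholder)
        rules.append((int(port), proto, action, net))
    return rules


def verdict(status_text, src_ip, port, proto="tcp", default="DENY"):
    """First matching rule wins; otherwise the default incoming policy applies."""
    addr = ipaddress.ip_address(src_ip)
    for r_port, r_proto, action, net in parse_rules(status_text):
        if r_port == port and r_proto in (None, proto) and addr in net:
            return action
    return default


if __name__ == "__main__":
    for name, text in (("deny first", DENY_FIRST), ("allow first", ALLOW_FIRST)):
        print(name, {ip: verdict(text, ip, 3306) for ip in ("203.0.113.10", "198.51.100.7")})
```

On a live host, `ufw status numbered` shows each rule's position and `ufw insert NUM ...` places a rule at a chosen position.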