using firewall to block port

Hi,
I would like to allow access to the mysql port (3306) to a certain IP address. All other IPs should be automatically blocked. What is the best way to do this?

What OS does your mysql server run on?

Red Hat Enterprise

So you actually meant to say "Linux" :slight_smile:

Try this (as root):

MYIPADDR=<the IP address you want to allow>

PATH=/sbin:$PATH
iptables -A INPUT -p tcp --dport 3306 -s $MYIPADDR -j ACCEPT
iptables -A INPUT -p tcp --dport 3306 -j REJECT
service iptables save

If you screw up, flush the rules and try again. Flush with:

iptables -F INPUT

Hi,
I tried the following and it is working as expected. Thanks.

iptables -F INPUT
iptables -A INPUT -p tcp --dport 3306 -s $'172.29.0.2' -j ACCEPT
iptables -A INPUT -p tcp --dport 3306 -s $'172.29.0.1' -j ACCEPT
iptables -A INPUT -p tcp --dport 3306 -j REJECT
service iptables save

But I have to allow one IP address at a time. It does not accept commas.
How do I add multiple IP addresses?

You did it right. If your IP addresses encompass a range, you can do a netmask, such as 172.29.0.0/24.

I don't know what the $ signs are for (in my example, they were for a shell variable)... take them out just in case.

Either with

$ iptables -A INPUT -p tcp --dport 3306 -s '172.29.0.1/<cidr>' -j ACCEPT

or, if you have the iprange module, with

$ iptables -A INPUT -p tcp --dport 3306 -m iprange --src-range <first ip>-<last ip> -j ACCEPT
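An added example, not code from the thread, that combines the two approaches given above (single hosts or CIDR blocks matched with -s, and first-last ranges matched with the iprange module) into one re-runnable script. The chain name MYSQL_ACCESS and every address in ALLOWED are assumed placeholders made up for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread: build an allow-list for TCP/3306 from
# several sources and emit the iptables commands. The chain name MYSQL_ACCESS and
# every address in ALLOWED are assumed placeholders; replace them with your own.

PORT=3306
# Space-separated allow-list. Each entry is a single host, a CIDR block, or a
# "first-last" range (the last form needs the iprange match module).
ALLOWED="172.29.0.1 172.29.0.2 10.0.5.0/24 192.168.1.10-192.168.1.20"

# Print one iptables command per entry into a dedicated chain, then a final
# REJECT so anything not on the list is refused. First argument is the port,
# the remaining arguments are allow-list entries.
build_rules() {
    port=$1
    shift
    for src in "$@"; do
        case "$src" in
            *-*) echo "iptables -A MYSQL_ACCESS -p tcp --dport $port -m iprange --src-range $src -j ACCEPT" ;;
            *)   echo "iptables -A MYSQL_ACCESS -p tcp --dport $port -s $src -j ACCEPT" ;;
        esac
    done
    echo "iptables -A MYSQL_ACCESS -p tcp --dport $port -j REJECT"
}

# Install the rules on the host (run as root). A separate chain keeps the script
# re-runnable: the chain is flushed and rebuilt instead of appending duplicate
# rules to INPUT each time, and the jump is inserted at position 1 of INPUT so
# an existing catch-all REJECT further down cannot shadow the ACCEPTs (iptables
# stops at the first matching rule).
apply_rules() {
    iptables -N MYSQL_ACCESS 2>/dev/null || iptables -F MYSQL_ACCESS
    iptables -L INPUT -n | grep -q MYSQL_ACCESS \
        || iptables -I INPUT 1 -p tcp --dport "$PORT" -j MYSQL_ACCESS
    build_rules "$PORT" $ALLOWED | sh -e   # word-splitting of $ALLOWED is intended
    service iptables save
}

# Dry run by default so the commands can be reviewed; pass --apply to install them.
if [ "$1" = "--apply" ]; then
    apply_rules
else
    build_rules "$PORT" $ALLOWED
fi
```

Run it without arguments to see the commands it would issue; `sh script.sh --apply` as root installs them. `iptables -L MYSQL_ACCESS -n --line-numbers` shows the rules in the order they are evaluated, which is the first thing to check when an ACCEPT seems to be ignored. Newer iptables releases also accept a comma-separated list in -s and expand it into one rule per address, but older Red Hat builds do not, which is why the script emits one rule per entry.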

Thanks for sharing all the configuration steps.

I used the above examples and I have got what I needed to work. Thanks.

I could not get the multiple IP addresses working or the REJECT line but hopefully I will not need them.

Lordlava