Channel: About Web Development by Activo » security

Tightening up iptables for a dedicated DB server (MySQL and CentOS)


In a typical high-performance web environment I run a few web servers with Apache/PHP and a separate DB server to support them. If the DB server ever needs more capacity, that can be done through MySQL's clustering configuration. Either way, one of the most repetitive tasks before bringing up all the servers is tightening their security, and configuring the firewall in particular is the same job every time. So I am setting up this page as a guide for myself and anyone else who cares. Enjoy!

  1. SSH to the server, login as root
  2. type vi myiptables-mysql
  3. Insert the following commands:
    NOTE: insert the web servers' IP addresses where I placed <ip address#>. These are the addresses that MySQL queries will originate from; any other source is refused by the default DROP policy set further down.
    #!/bin/bash
    #
    # iptables example configuration script
    #
    # Flush all current rules from iptables
    #
    iptables -F
    #
    # Allow SSH connections on tcp port 22
    # This is essential when working on remote servers via SSH to prevent locking yourself out of the system
    #
    iptables -A INPUT -p tcp --dport 22 -j ACCEPT
    #
    # Allow MySQL (port 3306, resolved from the "mysql" entry in /etc/services) on the loopback interface
    #
    iptables -I INPUT 1 -i lo -p tcp --dport mysql -j ACCEPT
    iptables -I INPUT 2 -i lo -p udp --dport mysql -j ACCEPT
    #
    # Allow MySQL from each web server only: -s restricts the source address
    # (change eth0 if the DB server's network interface is named differently)
    #
    iptables -I INPUT 3 -i eth0 -p tcp --dport mysql -s <ip address1> -j ACCEPT
    iptables -I INPUT 3 -i eth0 -p tcp --dport mysql -s <ip address2> -j ACCEPT
    #
    # Set default policies for INPUT, FORWARD and OUTPUT chains
    # Anything not explicitly accepted by a rule is dropped
    #
    iptables -P INPUT DROP
    iptables -P FORWARD DROP
    iptables -P OUTPUT ACCEPT
    #
    # Set access for localhost
    #
    iptables -A INPUT -i lo -j ACCEPT
    #
    # Accept packets belonging to established and related connections
    # (replies to connections the server itself opened, e.g. DNS or yum)
    #
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    #
    # Save settings so they survive a reboot (CentOS iptables service)
    #
    /sbin/service iptables save
    #
    # List rules
    #
    iptables -L -v
  4. Save and exit.
  5. Make the file executable by typing this command: chmod +x myiptables-mysql
  6. Run the file by typing this command: ./myiptables-mysql
  7. Test it and enjoy!

Security notice: for even tighter security it is also possible to change the ports the services listen on.
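As an added check (example script, not from the original post): after running the script above, dump the chain with `iptables -S INPUT` and feed it to the audit function below, which confirms that the INPUT policy is DROP and that every ACCEPT for MySQL is either on the loopback interface or restricted with -s to one of the web servers' addresses. The rule text and the addresses 10.0.0.5 and 10.0.0.6 are constructed for this example.

```shell
#!/bin/sh
# Audit an INPUT chain dump in the format printed by `iptables -S INPUT`.
# On a real DB server:  iptables -S INPUT | audit_mysql_rules "10.0.0.5/32 10.0.0.6/32"

# audit_mysql_rules ALLOWED_SOURCES  <  rules
# ALLOWED_SOURCES is a space-separated list of sources (CIDR form, as -S prints them).
# Prints one line per finding; returns 0 when the chain is tight, 1 otherwise.
audit_mysql_rules() {
    allowed="$1"
    awk -v allowed="$allowed" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1; bad = 0 }
        # The default policy must be DROP so unmatched traffic is refused.
        /^-P INPUT / && $3 != "DROP" { print "INPUT policy is " $3 ", expected DROP"; bad = 1 }
        # Every ACCEPT rule for the MySQL port must be on lo or carry an allowed -s.
        /^-A INPUT / && / -j ACCEPT/ && / --dport (3306|mysql)/ {
            src = ""; iface = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "-s") src = $(i + 1)
                if ($i == "-i") iface = $(i + 1)
            }
            if (iface == "lo") next
            if (src == "") { print "mysql accepted from any source: " $0; bad = 1; next }
            if (!(src in ok)) { print "mysql accepted from unexpected source " src; bad = 1 }
        }
        END { exit bad }
    '
}

# Constructed sample: what the script in this guide produces for two web servers.
TIGHT_RULES='-P INPUT DROP
-A INPUT -i lo -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -i lo -p udp -m udp --dport 3306 -j ACCEPT
-A INPUT -s 10.0.0.6/32 -i eth0 -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -s 10.0.0.5/32 -i eth0 -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT'

# Constructed sample: policy left at ACCEPT and the -s restriction forgotten on one rule.
LOOSE_RULES='-P INPUT ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

check_tight() { printf '%s\n' "$TIGHT_RULES" | audit_mysql_rules "10.0.0.5/32 10.0.0.6/32"; }
check_loose() { printf '%s\n' "$LOOSE_RULES" | audit_mysql_rules "10.0.0.5/32 10.0.0.6/32"; }
```

check_tight reports nothing and returns 0; check_loose prints two findings and returns 1.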

