Obmedzenie portu 3306 cez firewall PF

schrodinger soumar at soudny.net
Sun Jun 6 10:18:25 CEST 2021

Previous message (by thread): Obmedzenie portu 3306 cez firewall PF
Next message (by thread): Obmedzenie portu 3306 cez firewall PF
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Ahoj,

Ve tvym pripade bych si asi nadefinoval pole/tabulku s allowed ips/subnets $MYSQLALLOWED a pridal pravidlo:

block in log quick on $ext_if from ! $MYSQLALLOWED to ($MYIP) port 3306

Pisu z mobilu, nesedim u pc, tak si tu syntaxi odkontroluj s man pf.conf ;)

Marek

6. 6. 2021 9:54, 9:54, Frantisek Hennel <frantisek.hennel at gmail.com> napsal/a:
>Ahoj,
>
>chcel by som Vas poprosit o radu ohladne firewallu PF,
>nakolko uz od vcera studujem manualy a podobny pripad,
>ako sa snazim nastavit ja, som nikde nenasiel.
>
>Potreboval by som zablokovat pristup na mysql server (port
>3306), aby nebol pristupny do internetu a povolit by som chcel
>tento port iba pre konkretne IP adresy, pripadne konkretne
>subnety. Vsetky ostatne porty chcem ponechat normalne
>otvorene, len ten jeden port 3306 chcem takto zablokovat.
>
>V sucasnosti vyuzivam firewall PF len na blokovanie
>nechcenych IP adries a moj pf.conf vyzera nasledovne:
>
>table <blockedips> persist file "/etc/pf.blocked.ip.conf"
>ext_if="em0" # interface connected to internet
>block drop in log (all) quick on $ext_if from <blockedips> to any
>
>Prosim o usmernenie aj v pripade, ak nie je mozne na tento
>ucel pouzit firewall PF, aj ked urcite uprednostnujem prave
>riesenie cez PF, kedze ho uz dlhsie pouzivam.
>
>Dakujem
>
>Frantisek
>-- 
>FreeBSD mailing list (users-l at freebsd.cz)
>http://www.freebsd.cz/listserv/listinfo/users-l

Previous message (by thread): Obmedzenie portu 3306 cez firewall PF
Next message (by thread): Obmedzenie portu 3306 cez firewall PF
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Users-l mailing list