How to properly close MySQL port 3306 from outer networks

To close port 3306 to outside networks, add this to '/etc/my.cnf' under the [mysqld] section:

skip-networking

Then run 'service mysqld restart', followed by 'netstat -tln', and check whether port 3306 still appears in the list of listening ports:

root@my:/var/named# netstat -tln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State      
tcp        0      0 0.0.0.0:993                 0.0.0.0:*                   LISTEN      
tcp        0      0 0.0.0.0:995                 0.0.0.0:*                   LISTEN      
tcp        0      0 0.0.0.0:110                 0.0.0.0:*                   LISTEN      
tcp        0      0 0.0.0.0:143                 0.0.0.0:*                   LISTEN      
tcp        0      0 0.0.0.0:13769               0.0.0.0:*                   LISTEN      
tcp        0      0 0.0.0.0:10000               0.0.0.0:*                   LISTEN      
tcp        0      0 66.43.70.100:53             0.0.0.0:*                   LISTEN      
tcp        0      0 127.0.0.1:53                0.0.0.0:*                   LISTEN      
tcp        0      0 127.0.0.1:953               0.0.0.0:*                   LISTEN      
tcp        0      0 0.0.0.0:25                  0.0.0.0:*                   LISTEN      
tcp        0      0 :::993                      :::*                        LISTEN      
tcp        0      0 :::995                      :::*                        LISTEN      
tcp        0      0 :::110                      :::*                        LISTEN      
tcp        0      0 ::ffff:127.0.0.1:8079       :::*                        LISTEN      
tcp        0      0 :::143                      :::*                        LISTEN      
tcp        0      0 :::19759                    :::*                        LISTEN      
tcp        0      0 :::80                       :::*                        LISTEN      
tcp        0      0 :::53                       :::*                        LISTEN      
tcp        0      0 :::8983                     :::*                        LISTEN      
tcp        0      0 ::1:953                     :::*                        LISTEN      
tcp        0      0 :::25                       :::*                        LISTEN      
tcp        0      0 :::443                      :::*                        LISTEN      
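
The check above can be automated. The following is an added example, not part of the original post: a POSIX shell function, given the hypothetical name listen_state, that reads 'netstat -tln' output and reports whether a port has no listener, a loopback-only listener, or a listener reachable from other hosts. The sample netstat lines are constructed.

```shell
#!/bin/sh
# Added example: classify a TCP port from `netstat -tln` output read on stdin.
#   closed   - no listener on the port (what skip-networking should produce)
#   loopback - listener only on 127.0.0.0/8 or ::1 (what bind-address=127.0.0.1 produces)
#   exposed  - listener on a wildcard or other non-loopback address
# listen_state is a hypothetical helper name, not part of MySQL or net-tools.
listen_state() {
    awk -v port="${1:-3306}" '
        $1 !~ /^tcp/ || $NF != "LISTEN" { next }     # skip headers and non-listening rows
        {
            n = split($4, parts, ":")                # port is the last ":"-separated field
            if (parts[n] != port) next               # exact match, so 33060 is not 3306
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            sub(/^::ffff:/, "", addr)                # unwrap IPv4-mapped IPv6 addresses
            if (addr ~ /^127\./ || addr == "::1") loopback = 1
            else exposed = 1
        }
        END { print (exposed ? "exposed" : (loopback ? "loopback" : "closed")) }
    '
}

# Constructed sample output (not captured from a real host).
SAMPLE_WILDCARD='Proto Recv-Q Send-Q Local Address      Foreign Address    State
tcp        0      0 0.0.0.0:3306       0.0.0.0:*          LISTEN
tcp        0      0 :::80              :::*               LISTEN'
SAMPLE_LOOPBACK='tcp        0      0 127.0.0.1:3306     0.0.0.0:*          LISTEN
tcp        0      0 0.0.0.0:25         0.0.0.0:*          LISTEN'
SAMPLE_CLOSED='tcp        0      0 0.0.0.0:33060      0.0.0.0:*          LISTEN
tcp        0      0 :::80              :::*               LISTEN'

# Prints one state per sample, in order.
for sample in "$SAMPLE_WILDCARD" "$SAMPLE_LOOPBACK" "$SAMPLE_CLOSED"; do
    printf '%s\n' "$sample" | listen_state 3306
done
# On a live host: netstat -tln | listen_state 3306
```

A result of 'exposed' after the restart means the my.cnf change did not take effect, for example because it was placed outside the [mysqld] section.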

Comments

If you still need to SSH into

If you still need to SSH into the MySQL server, you can listen only on localhost instead of closing everything.
Add this to the my.cnf file instead of 'skip-networking':
bind-address=127.0.0.1

bind-address=127.0.0.1 works

bind-address=127.0.0.1 works well.
