How to properly close MySQL port 3306 from outer networks

Submitted by Mathew Branwell on Thu, 02/14/2013 - 19:35

To close port #3306 from outside networks add this to /etc/my.cnf' under the [mysqld] section:


skip-networking

then run 'service mysqld restart' and then 'netstat -tln' to see if the port comes up in the list of open ports:

root@my:/var/named#
netstat -tln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:13769 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN
tcp 0 0 66.43.70.100:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
tcp 0 0 :::993 :::* LISTEN
tcp 0 0 :::995 :::* LISTEN
tcp 0 0 :::110 :::* LISTEN
tcp 0 0 ::ffff:127.0.0.1:8079 :::* LISTEN
tcp 0 0 :::143 :::* LISTEN
tcp 0 0 :::19759 :::* LISTEN
tcp 0 0 :::80 :::* LISTEN
tcp 0 0 :::53 :::* LISTEN
tcp 0 0 :::8983 :::* LISTEN
tcp 0 0 ::1:953 :::* LISTEN
tcp 0 0 :::25 :::* LISTEN
tcp 0 0 :::443 :::* LISTEN

Tags:

Comments

Anonymous (not verified)

Thu, 04/02/2015 - 09:49

If you still need to SSH into the mysql server, you can listen only on localhost instead of closing everything.
Add this to the my.cnf file instead of 'skip-networking'
bind-address=127.0.0.1

Anonymous (not verified)

Tue, 09/22/2015 - 16:14

bind-address=127.0.0.1 works well.

Add new comment

More information about text formats

Filtered HTML

  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <pre>
  • Lines and paragraphs break automatically.
  • Web page addresses and e-mail addresses turn into links automatically.

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.