How to properly close MySQL port 3306 from outer networks

To close port #3306 from outside networks add this to /etc/my.cnf' under the [mysqld] section:


skip-networking

then run 'service mysqld restart' and then 'netstat -tln' to see if the port comes up in the list of open ports:

root@my:/var/named#
netstat -tln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:13769 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN
tcp 0 0 66.43.70.100:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
tcp 0 0 :::993 :::* LISTEN
tcp 0 0 :::995 :::* LISTEN
tcp 0 0 :::110 :::* LISTEN
tcp 0 0 ::ffff:127.0.0.1:8079 :::* LISTEN
tcp 0 0 :::143 :::* LISTEN
tcp 0 0 :::19759 :::* LISTEN
tcp 0 0 :::80 :::* LISTEN
tcp 0 0 :::53 :::* LISTEN
tcp 0 0 :::8983 :::* LISTEN
tcp 0 0 ::1:953 :::* LISTEN
tcp 0 0 :::25 :::* LISTEN
tcp 0 0 :::443 :::* LISTEN

Comments

If you still need to SSH into the mysql server, you can listen only on localhost instead of closing everything.
Add this to the my.cnf file instead of 'skip-networking'
bind-address=127.0.0.1

bind-address=127.0.0.1 works well.

Add new comment

Filtered HTML

  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <pre>
  • Lines and paragraphs break automatically.
  • Web page addresses and e-mail addresses turn into links automatically.

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.