Adding iptables rules to clean up the environment MySQL runs in

Because a few connections have to come in from the public internet, this MySQL server has been exposed on the internet for a long time, which invites attacks: a steady stream of unknown IPs tries to connect, as the error log shows below. (The warning itself is MySQL failing a reverse-DNS lookup on the client address; the point is the stream of unknown addresses reaching the port, not the lookup failure.)

2016-01-06 09:02:01 32010 [Warning] IP address '42.96.184.105' could not be resolved: Name or service not known
2016-01-06 15:26:48 32010 [Warning] IP address '112.124.108.222' could not be resolved: Name or service not known
2016-01-06 15:47:07 32010 [Warning] IP address '120.25.214.84' could not be resolved: Name or service not known
2016-01-06 15:54:15 32010 [Warning] IP address '120.27.110.101' could not be resolved: Name or service not known
2016-01-06 19:33:33 32010 [Warning] IP address '115.28.145.99' could not be resolved: Name or service not known


MySQL's own host-based grants (user@host) are in use, but that is not enough on its own: with port 3306 reachable, every scanner still gets as far as the authentication handshake, can brute-force passwords, and hits any pre-authentication bug in the server. So iptables is enabled to keep every other IP out, as follows:

# iptables -L -n                    # look at what is loaded now
# iptables -F                       # flush the rules in every chain...
# iptables -X                       # ...and delete the now-empty user-defined chains
# iptables -L -n
# /etc/rc.d/init.d/iptables save    # persist the empty ruleset (CentOS/RHEL 6 init script)
# service iptables restart
# iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT   # keep existing sessions, including this SSH one, alive
# iptables -A INPUT -p tcp --dport 22 -j ACCEPT                      # SSH; must be in place before the DROP policy below
# iptables -A INPUT -p tcp --dport 80 -j ACCEPT                      # web
# iptables -A INPUT -s *******(IP address) -p tcp --dport 3306 -j ACCEPT   # MySQL only from the one known client address
# iptables -A INPUT -p icmp -j ACCEPT
# iptables -A INPUT -i lo -j ACCEPT                                  # loopback (-p all is the default and can be omitted)
# iptables -P INPUT DROP                                             # default policy: anything not matched above is dropped
# iptables -L -n                                                     # verify the chain before saving it
# /etc/rc.d/init.d/iptables save
# service iptables restart
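The same policy, written as an iptables-restore ruleset by a small script rather than typed rule by rule. This is an added example and not the original post's commands: it takes the allowed MySQL client addresses as arguments (203.0.113.10 and 198.51.100.0/24 below are documentation addresses standing in for the real client), validates each one so a placeholder or a typo cannot produce a rule that matches nothing, and emits the whole table so it can be loaded in one transaction. The rule ordering, the log prefix and the use of conntrack instead of the older state match are my own choices.

```shell
#!/bin/sh
# Added example (not from the original post): emit an iptables-restore
# ruleset that exposes 3306 only to the addresses given as arguments.
# Client addresses, the log prefix and the file paths are assumptions.
set -eu
set -f   # no filename globbing: an argument like '*' must never expand

# validate_cidr ADDR[/BITS] -> 0 if a well-formed IPv4 address or CIDR, else 1
validate_cidr() {
    addr=${1%/*}
    case "$1" in */*) bits=${1#*/} ;; *) bits=32 ;; esac
    case "$bits" in ''|*[!0-9]*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    case "$addr" in ''|*[!0-9.]*) return 1 ;; esac   # digits and dots only
    oldifs=$IFS; IFS=.; set -- $addr; IFS=$oldifs     # split into octets
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in '') return 1 ;; esac         # rejects "1..2.3"
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# gen_rules CIDR... -> iptables-restore text on stdout; returns 1 on a bad address.
# With no arguments the table still loads, but 3306 is then reachable from nowhere.
gen_rules() {
    for c in "$@"; do
        validate_cidr "$c" || { echo "gen_rules: bad address '$c'" >&2; return 1; }
    done
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
EOF
    for c in "$@"; do
        printf '%s\n' "-A INPUT -s $c -p tcp --dport 3306 -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Anything else aimed at 3306 is logged (rate-limited) and then falls through to
    # the DROP policy, so the scanners that filled the MySQL error log show up in
    # the kernel log instead, where fail2ban-style tooling can pick them up.
    printf '%s\n' '-A INPUT -p tcp --dport 3306 -m limit --limit 5/min -j LOG --log-prefix "mysql-blocked: "'
    echo COMMIT
}

# Run with the client addresses as arguments, e.g.
#   ./mysql-fw.sh 203.0.113.10 198.51.100.0/24 > /etc/sysconfig/iptables
# With no arguments only the functions are defined, so the file can be sourced.
if [ $# -gt 0 ]; then
    gen_rules "$@"
fi
```

Write the output to /etc/sysconfig/iptables (the file the CentOS 6 init script loads) and apply it with iptables-restore < /etc/sysconfig/iptables; iptables-restore --test < /etc/sysconfig/iptables parses the file without touching the live table. Because the table is replaced in one transaction there is no moment where the DROP policy is in effect but the port-22 rule is not, which is the risk in the rule-by-rule version; keeping a second SSH session open while applying it is still a good habit.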

With that, the whole world finally went quiet. Two checks are worth doing before closing the shell the rules were entered from: open a second SSH session to confirm port 22 still answers now that the DROP policy is active, and try connecting to 3306 from an address that is not in the allow list to confirm the connection simply times out instead of reaching MySQL.
