Iptables: Two IP Addresses, allow Port 3306 just for one

Note: this page is a translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must follow the same license, cite the original URL and author information, and attribute it to the original authors (not me). Original StackOverflow URL: http://stackoverflow.com/questions/3726920/

Time: 2020-08-04 23:10:38  Source: igfitidea

Tags: linux, centos, firewall, iptables

Asked by mate64

My server has two IPs:

# IP one: 192.168.45.1 (allow MYSQL on Port 3306)
# IP two: 192.168.45.2 (disallow MYSQL on Port 3306)

How can I configure iptables to drop incoming connections for a specific IP and allow it to the other?

#
# Allow MYSQL-Port only for 192.168.45.1!
#

 /sbin/iptables -A INPUT -p tcp 192.168.45.1 --dport 3306 -j ACCEPT
 /sbin/iptables -A INPUT -p tcp 192.168.45.2 --dport 3306 -j DROP

# END SCRIPT

This seems not to work.. :-(

Accepted answer by Lance Richardson

I think you want:

/sbin/iptables -A INPUT -p tcp -d 192.168.45.1 --dport 3306 -j ACCEPT
/sbin/iptables -A INPUT -p tcp -d 192.168.45.2 --dport 3306 -j DROP

Answer by John Kugelman

Rather than enforcing this at the firewall level, have MySQL bind to 192.168.45.1 with the bind-address option. Add this to /etc/my.cnf:

bind-address=192.168.45.1
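
To confirm that the bind-address setting took effect, the listening sockets can be checked after MySQL restarts. The script below is an added example, not part of the original answers; the function names and the sample `ss` lines are constructed, and it assumes the column layout printed by `ss -H -ltn` from iproute2.

```shell
#!/bin/sh
# Added example (not from the original answers): report which local addresses
# a TCP port is listening on, reading `ss -H -ltn` output from stdin.

# listeners PORT: print "<address> wildcard|specific" for each listener on PORT.
listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            # Field 4 is Local Address:Port; the port follows the last colon.
            n = split($4, parts, ":")
            if (parts[n] != port) next
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            # 0.0.0.0, [::] and * mean "every local address".
            kind = (addr == "0.0.0.0" || addr == "[::]" || addr == "*") ? "wildcard" : "specific"
            print addr, kind
        }'
}

# check_bind ADDR PORT: succeed only if ADDR is the sole listener on PORT.
check_bind() {
    found=$(listeners "$2")
    [ "$found" = "$1 specific" ]
}

# Constructed sample input: MySQL listening on every local address.
SAMPLE_WILDCARD='LISTEN 0 80 0.0.0.0:3306 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

# Constructed sample input: after bind-address=192.168.45.1.
SAMPLE_BOUND='LISTEN 0 80 192.168.45.1:3306 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

# Live use on the server:
#   ss -H -ltn | check_bind 192.168.45.1 3306 && echo "bound as intended"
```

A wildcard result means port 3306 is still reachable through 192.168.45.2 unless a firewall rule with `-d 192.168.45.2` drops it.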