- 1图形学基本概念_ground 着色
- 2动态内存的管理_原有空间后面没有足够的空闲空间用来分配
- 3关于memcpy(),memmove(),strcpy()的小结_memcpy时间复杂度
- 420200922 001_经典算法面试题1——字符串匹配之KMP算法_kmp面试题
- 5llama2使用gptq量化踩坑记录_未安装exllamav2内核
- 6基于uniapp的计算机考研助手小程序(含管理端)_考研择校小程序源码
- 7IDEA 妙用之Postfix Completion_idea postfix completion 字符串截取
- 8ElasticSearch学习2-单机部署_elastalert2 部署 run.sh
- 9git 合并多个 commit / 修改上一次 commit_git命令怎么合并到上一笔提交
- 10JQuery+Bootstrap一揽子方案_bootstrap +jquery 替换方案
iptables mysql 本地_使用IPTABLES将MySQL 3306端口限制为localhost
赞
踩
I am trying to restrict MySQL 3306 port on a linux machine from making any connections to anything other than localhost to prevent outside attacks. i have the following code, i am not sure if it's correct:
iptables -A INPUT -p tcp -s localhost --dport 3306 -j ACCEPT
iptables -A OUTPUT -p tcp -s localhost --dport 3306 -j ACCEPT
iptables -A INPUT -p tcp --dport 3306 -j DROP
iptables -A OUTPUT -p tcp --dport 3306 -j DROP
my other question is - is it correct to only give localhost access? this is a standard dedicated centos webserver with more than 30 domains on it.
解决方案
Why not just turn off networking with MySQL?
Add to my.cnf:
skip-networking
It's supposed to also give a negligible performance improvement by forcing connection through pipes, which skips over lots of tests used for the networking section. Please note you will need to use localhost, not 127.0.0.1, after the change.
