iptables bloqueando conexão MySQL remota

Question

iptables bloqueando conexão MySQL remota

#1 resposta do (2 votos)

-1

Estou tentando configurar meu servidor (CentOS 6.9) para aceitar conexões MySQL remotas e estou preso na configuração do firewall

Eu tenho tudo definido no lado do MySQL. Eu posso conectar através do telnet se eu parar o iptables, mas não quando estiver ativo

Eu já tentei:

-A INPUT -i lo -p tcp -m tcp --dport 3306 -j ACCEPT 
-A INPUT -i eth0 -p tcp -m tcp --dport 3306 -j ACCEPT 
-A OUTPUT -p tcp -m tcp --dport 3306 -j ACCEPT

Mas ainda recebo "conexão recusada" com o iptables ativo. O que estou fazendo errado?

EDIT: saída de iptables -L -x -v -n

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination         
       0        0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:3306 
      11     1122 acctboth   all  --  *      *       0.0.0.0/0            0.0.0.0/0           
       5      372 tcpchk     tcp  --  !lo    *       0.0.0.0/0            0.0.0.0/0           
       6      750 udpchk     udp  --  !lo    *       0.0.0.0/0            0.0.0.0/0           
       0        0 icmpchk    icmp --  !lo    *       0.0.0.0/0            0.0.0.0/0           
      11     1122 ipdrop_global  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
      11     1122 input_custom  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
       0        0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
       0        0 ssh        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22022 
       0        0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8 limit: up to 2/sec burst 10 mode srcip 
       0        0 LOG        icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8 limit: avg 5/min burst 5 LOG flags 0 level 3 prefix 'ICMP_DROP ' 
       0        0 DROP       icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8                                                                                                                                                                      
       0        0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 0                                                                                                                                                                      
       0        0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 3 code 4                                                                                                                                                               
       0        0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 3 code 3                                                                                                                                                               
       0        0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 3 code 1                                                                                                                                                               
       0        0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 11                                                                                                                                                                     
       0        0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 12                                                                                                                                                                     
       0        0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 30                                                                                                                                                                     
       0        0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state ESTABLISHED                                                                                                                                                                
       0        0 ACCEPT     tcp  --  *      *       103.21.244.0/22      0.0.0.0/0           tcp dpt:80                                                                                                                                                                       
       0        0 ACCEPT     tcp  --  *      *       103.22.200.0/22      0.0.0.0/0           tcp dpt:80                                                                                                                                                                       
       0        0 ACCEPT     tcp  --  *      *       103.31.4.0/22        0.0.0.0/0           tcp dpt:80                                                                                                                                                                       
       0        0 ACCEPT     tcp  --  *      *       104.16.0.0/12        0.0.0.0/0           tcp dpt:80                                                                                                                                                                       
       0        0 ACCEPT     tcp  --  *      *       108.162.192.0/18     0.0.0.0/0           tcp dpt:80                                                                                                                                                                       
       0        0 ACCEPT     tcp  --  *      *       131.0.72.0/22        0.0.0.0/0           tcp dpt:80                                                                                                                                                                       
       0        0 ACCEPT     tcp  --  *      *       141.101.64.0/18      0.0.0.0/0           tcp dpt:80                                                                                                                                                                       
       0        0 ACCEPT     tcp  --  *      *       162.158.0.0/15       0.0.0.0/0           tcp dpt:80                                                                                                                                                                       
       0        0 ACCEPT     tcp  --  *      *       172.64.0.0/13        0.0.0.0/0           tcp dpt:80                                                                                                                                                                       
       0        0 ACCEPT     tcp  --  *      *       173.245.48.0/20      0.0.0.0/0           tcp dpt:80                                                                                                                                                                       
       0        0 ACCEPT     tcp  --  *      *       188.114.96.0/20      0.0.0.0/0           tcp dpt:80                                                                                                                                                                       
       0        0 ACCEPT     tcp  --  *      *       190.93.240.0/20      0.0.0.0/0           tcp dpt:80                                                                                                                                                                       
       0        0 ACCEPT     tcp  --  *      *       197.234.240.0/22     0.0.0.0/0           tcp dpt:80                                                                                                                                                                       
       0        0 ACCEPT     tcp  --  *      *       198.41.128.0/17      0.0.0.0/0           tcp dpt:80                                                                                                                                                                       
       0        0 ACCEPT     tcp  --  *      *       216.172.173.146      0.0.0.0/0           tcp dpt:80                                                                                                                                                                       
       0        0 ACCEPT     tcp  --  *      *       198.1.121.202        0.0.0.0/0           multiport dports 22,80 
       0        0 ACCEPT     icmp --  *      *       198.1.121.202        0.0.0.0/0           icmp type 8 
       0        0 ACCEPT     tcp  --  *      *       184.173.226.84       0.0.0.0/0           multiport dports 22,80 
       0        0 ACCEPT     icmp --  *      *       184.173.226.84       0.0.0.0/0           icmp type 8 
       0        0 ACCEPT     tcp  --  *      *       184.172.224.50       0.0.0.0/0           multiport dports 22,80 
       0        0 ACCEPT     icmp --  *      *       184.172.224.50       0.0.0.0/0           icmp type 8 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:53 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:21 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:25 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:26 
       0        0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:53 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:110 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:143 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:443 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:465 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:587 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:2082 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:2083 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:2084 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:2086 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:2087 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:2089 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:2222 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:2095 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:2096 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:993 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:995 
       0        0 ACCEPT     udp  --  *      *       8.8.4.4              0.0.0.0/0           udp spt:53 
       0        0 ACCEPT     tcp  --  *      *       8.8.4.4              0.0.0.0/0           tcp spt:53 
       6      750 ACCEPT     udp  --  *      *       8.8.8.8              0.0.0.0/0           udp spt:53 
       0        0 ACCEPT     tcp  --  *      *       8.8.8.8              0.0.0.0/0           tcp spt:53 
       5      372 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22022 
       0        0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:22022 
       0        0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
       0        0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 1/sec burst 5 LOG flags 0 level 4 prefix 'LOG_INPUT: ' 
       0        0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           
       0        0 ACCEPT     tcp  --  lo     *       0.0.0.0/0            0.0.0.0/0           tcp dpt:3306 
       0        0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:3306 
       0        0 ACCEPT     tcp  --  eth0   *       216.172.173.146      0.0.0.0/0           tcp dpt:3306 
       0        0 ACCEPT     tcp  --  *      *       216.172.173.146      0.0.0.0/0           tcp dpt:3306 

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination         
       0        0 tcpchk     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           
       0        0 udpchk     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           
       0        0 icmpchk    icmp --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination         
      10      866 cpanel-dovecot-solr  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
      10      866 acctboth   all  --  *      *       0.0.0.0/0            0.0.0.0/0           
       4      432 tcpchk     tcp  --  *      !lo     0.0.0.0/0            0.0.0.0/0           
       6      434 udpchk     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           
       0        0 icmpchk    icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
      10      866 output_custom  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
       0        0 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0           
       0        0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW,ESTABLISHED 
       0        0 ACCEPT     icmp --  *      *       0.0.0.0/0            198.1.121.202       icmp type 0 
       0        0 ACCEPT     icmp --  *      *       0.0.0.0/0            184.173.226.84      icmp type 0 
       0        0 ACCEPT     icmp --  *      *       0.0.0.0/0            184.172.224.50      icmp type 0 
       0        0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:1129 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:1129 
       0        0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:30000 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:30000 
       0        0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:110 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:110 
       0        0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:43 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:43 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:873 
       0        0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           owner UID match 0 
       0        0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
       0        0 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0           
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:21 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            74.52.223.18        tcp dpt:25 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            74.52.223.66        tcp dpt:25 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            64.5.52.7           tcp dpt:25 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            64.5.52.8           tcp dpt:25 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            64.5.52.9           tcp dpt:25 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            64.5.52.12          tcp dpt:25 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            64.5.52.13          tcp dpt:25 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            64.5.52.14          tcp dpt:25 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            67.18.137.84        tcp dpt:25 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            67.18.137.85        tcp dpt:25 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            67.18.137.86        tcp dpt:25 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            67.18.137.87        tcp dpt:25 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            67.18.137.88        tcp dpt:25 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            74.52.222.226       tcp dpt:25 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            74.52.222.242       tcp dpt:25 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            74.52.223.2         tcp dpt:25 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:25 owner UID match 47 
       0        0 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           ! owner UID match 0 multiport dports 25,465,587 limit: avg 1/sec burst 5 LOG flags 0 level 5 prefix 'OUTBOUND-SMTP : ' 
       6      434 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:53 ! owner UID match 99 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:53 ! owner UID match 99 
       0        0 ACCEPT     udp  --  *      *       0.0.0.0/0            8.8.4.4             udp dpt:53 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            8.8.4.4             tcp dpt:53 
       0        0 ACCEPT     udp  --  *      *       0.0.0.0/0            8.8.8.8             udp dpt:53 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            8.8.8.8             tcp dpt:53 
       0        0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:53 owner UID match 99 limit: avg 20/sec burst 5 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:53 owner UID match 99 limit: avg 20/sec burst 5 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:443 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:465 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:587 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:2086 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:2087 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:2089 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:3306 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:37 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:2703 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:53 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:21 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:22 
       4      432 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:22022 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:25 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:26 
       0        0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:53 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:80 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:110 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:143 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:443 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:465 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:587 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:2082 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:2083 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:2084 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:2086 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:2087 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:2089 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:2222 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:2095 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:2096 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:993 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:995 
       0        0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
       0        0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 1/sec burst 5 LOG flags 0 level 4 prefix 'LOG_OUTPUT: ' 
       0        0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:3306 

Chain acctboth (2 references)
    pkts      bytes target     prot opt in     out     source               destination         

Chain cpanel-dovecot-solr (1 references)
    pkts      bytes target     prot opt in     out     source               destination         
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           multiport sports 8984,7984 owner UID match 490 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           multiport sports 8984,7984 owner UID match 0 
       0        0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           multiport sports 8984,7984 reject-with icmp-port-unreachable 

Chain icmpchk (3 references)
    pkts      bytes target     prot opt in     out     source               destination         

Chain input_custom (1 references)
    pkts      bytes target     prot opt in     out     source               destination         

Chain ipdrop_global (1 references)
    pkts      bytes target     prot opt in     out     source               destination         
       0        0 DROP       all  --  *      *       43.255.190.0/23      0.0.0.0/0           

Chain output_custom (1 references)
    pkts      bytes target     prot opt in     out     source               destination         

Chain ssh (1 references)
    pkts      bytes target     prot opt in     out     source               destination         
       0        0 ACCEPT     all  --  *      *       67.18.2.226          0.0.0.0/0           
       0        0 ACCEPT     all  --  *      *       50.23.47.206         0.0.0.0/0           
       0        0 ACCEPT     all  --  *      *       70.87.80.194         0.0.0.0/0           
       0        0 ACCEPT     all  --  *      *       216.106.185.169      0.0.0.0/0           
       0        0 ACCEPT     all  --  *      *       12.96.160.0/24       0.0.0.0/0           
       0        0 ACCEPT     all  --  *      *       216.19.0.0/24        0.0.0.0/0           
       0        0            tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW recent: SET name: DEFAULT side: source 
       0        0 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW recent: CHECK seconds: 60 hit_count: 10 name: DEFAULT side: source limit: avg 10/min burst 5 LOG flags 0 level 5 prefix 'SSH-ATTACK : ' 
       0        0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW recent: UPDATE seconds: 60 hit_count: 10 name: DEFAULT side: source reject-with tcp-reset 
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain tcpchk (3 references)
    pkts      bytes target     prot opt in     out     source               destination         

Chain udpchk (3 references)
    pkts      bytes target     prot opt in     out     source               destination

mysql iptables linux

por diogo.abdalla 30.01.2018 / 16:27

1 resposta

Tags mysql iptables linux

Classificando uma lista de arquivos no Windows Como evitar a atualização do Windows 7 para 10? [duplicado]

score 2 · Accepted Answer

veja que linha "-A INPUT -j DROP"? Isso eliminará qualquer tráfego na cadeia de entrada antes que atinja suas regras do mysql, pois as regras são lidas de cima para baixo. O -A significa acrescentar, então quaisquer regras depois disso são colocadas após a que deixa tudo, portanto, aquelas nunca correspondem a nenhum tráfego.

Você também tem um problema semelhante em sua cadeia OUTPUT. Suas opções são: a) use -P DROP na cadeia, que irá usar como padrão para soltar como última ação se nenhuma outra coincidir (e remover a regra que você tem agora), ou b) colocar essa regra por último para que seja anexada depois de todos os outros. Você também usa -I para inserir (o que colocará a regra primeiro) em vez de -A, mas é meio confuso misturar com -A imho.