Hi, I need to configure MySQL replication where ISPConfig will be the master. Until now the MySQL port (3306) was closed. I'm concerned about security and I don't want this port open to everyone, only to one IP (the MySQL slave). How can I do this? In the GUI we can only configure ports, not IPs. Must we configure custom iptables rules? I know that if I leave the MySQL port open I can control access to MySQL with MySQL authentication (user/localhost), but it's more secure if the firewall blocks it, no? ;-) Thanks
I'm not sure if Bastille can do this. Please check out the Bastille configuration file in /etc/Bastille. If this isn't possible, you might have to use another firewall.
I think this is what you are looking for:
http://www.howtoforge.com/forums/showpost.php?p=38125&postcount=4
http://www.howtoforge.com/forums/showpost.php?p=202906&postcount=4
This is a basic step for a multiserver setup: In /etc/Bastille/firewall.d/pre-chain-split.d create a file, for example: mysql.sh
##################
${IPTABLES} -A PUB_IN -p tcp -s 1.2.3.4 --dport 3306 -j PAROLE
${IPTABLES} -A PUB_IN -p udp -s 1.2.3.4 --dport 3306 -j ACCEPT
##################
where 1.2.3.4 is the IP of your slave. Just add any more slaves.
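For several slaves, the drop-in from the post above can be generated from a validated address list. This is an added example, not part of the original post: the function names and the slave addresses (documentation range 192.0.2.0/24) are assumptions, and only the TCP rule is emitted because MySQL replication traffic is TCP.

```shell
#!/bin/sh
# Added example: print the rule lines for mysql.sh, one per replication slave.
# SLAVES holds constructed sample addresses; replace them with your own.
SLAVES="192.0.2.10 192.0.2.11"

# Return 0 only if $1 is a dotted-quad IPv4 address with octets 0-255.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;   # empty, stray chars, empty octet
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1          # split on dots into positional parameters
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Emit one PUB_IN rule per slave. Every address is checked first, so a typo
# yields no output at all rather than a partial rule set.
gen_mysql_rules() {
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "invalid slave address: $ip" >&2; return 1; }
    done
    for ip in "$@"; do
        # ${IPTABLES} is written literally; Bastille expands it when it
        # sources the file from pre-chain-split.d.
        printf '%s -A PUB_IN -p tcp -s %s --dport 3306 -j PAROLE\n' \
            '${IPTABLES}' "$ip"
    done
}

# Print the rules for review; redirect into
# /etc/Bastille/firewall.d/pre-chain-split.d/mysql.sh once they look right.
gen_mysql_rules $SLAVES
```

After restarting the firewall, `iptables -L PUB_IN -n` should list port 3306 only with the slave addresses as source.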
First, sorry for my delayed reply; other tasks put this configuration in a queue ;-) Now we are returning to this server configuration and I will test your recommendations. Thanks for your help