Full Version: How do I block access using apf?
The Planet Forums > Security > Firewalls
Jaime
I am trying to close my 3306 port (mysql) from outside access.
I use apf just like a lot of you.

Put these lines in /etc/apf/deny_hosts.rules but it did not work.
CODE
tcp:in:d=3306:s=0.0.0.0
udp:in:d=3306:s=0.0.0.0

I can still see it as an open port using nmap from my home box.
Force-10
Just to verify, try running
CODE
iptables -L INPUT
from an ssh session to see whether you have a rule in place to drop incoming traffic on port 3306.
Jaime
Here it is:
CODE
iptables -L INPUT | grep mysql

DROP       tcp  --  0.0.0.0              anywhere           tcp dpt:mysql
DROP       udp  --  0.0.0.0              anywhere           udp dpt:mysql

Do you use any rules in /etc/apf/deny_hosts.rules?
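A check worth making on that output, added here as an example and not part of the thread: `iptables -L` (without `-n`) prints `anywhere` for a 0.0.0.0/0 match, so a source column that literally reads `0.0.0.0` means the rule only matches packets whose source address is the single host 0.0.0.0, which never arrive from the Internet. The helper below classifies a DROP rule by how wide its source match is. The function name is this example's own, and the sample input is constructed, modelled on the two DROP lines shown above plus one ACCEPT line for ssh.

```shell
#!/bin/sh
# Constructed sample in the format of `iptables -L INPUT` (no -n), modelled on
# the two DROP rules shown in the thread plus one ACCEPT rule for ssh.
SAMPLE_INPUT='Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:ssh
DROP       tcp  --  0.0.0.0              anywhere           tcp dpt:mysql
DROP       udp  --  0.0.0.0              anywhere           udp dpt:mysql'

# check_port_drop PROTO PORT  (reads `iptables -L` output on stdin)
# Prints one of:
#   blocked-from-anywhere   a DROP for PROTO dpt:PORT whose source is anywhere / 0.0.0.0/0
#   blocked-from-host-only  the only DROP(s) found match one specific source host,
#                           e.g. the literal 0.0.0.0, so remote clients still get in
#   not-blocked             no DROP rule for that protocol/port at all
check_port_drop() {
    awk -v proto="$1" -v port="$2" '
        $1 == "DROP" && $2 == proto && $NF == ("dpt:" port) {
            # iptables -L shows 0.0.0.0/0 as "anywhere"; with -n it stays 0.0.0.0/0
            if ($4 == "anywhere" || $4 == "0.0.0.0/0") { found = 1; exit }
            narrow = 1
        }
        END {
            if (found)       print "blocked-from-anywhere"
            else if (narrow) print "blocked-from-host-only"
            else             print "not-blocked"
        }
    '
}

# Stand-alone demonstration: the rules from the thread only block a source host of 0.0.0.0.
printf '%s\n' "$SAMPLE_INPUT" | check_port_drop tcp mysql
printf '%s\n' "$SAMPLE_INPUT" | check_port_drop udp mysql
printf '%s\n' "$SAMPLE_INPUT" | check_port_drop tcp ssh
```

Run against the output posted above, both mysql rules come back as blocked-from-host-only: the destination column says anywhere but the source column says 0.0.0.0, so neither rule ever matched a packet from the home box, which is consistent with telnet still connecting. The rule you want is one whose source column reads anywhere (0.0.0.0/0); re-run the check after editing deny_hosts.rules and restarting apf.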
Force-10
Jaime, it looks like your firewall is set to drop incoming requests to port 3306. In fact, looking at the "conf.apf" file, it's filtered by default, so unless you made changes you should be ok.

Are you actually running MySQL (or another service on that port) at the moment?
Jaime
Yes, I am running MySQL on my server. That is why I want to block non-localhost access.
Look:
CODE
my_home_box> telnet *my_server_ip* 3306
Trying *my_server_ip*...
Connected to *my_server_ip*.
Escape character is '^]'.
0
4.0.15-standardÔ        Y;<Uy$@,Connection closed by foreign host.

Doesn't this mean the port is open?
Force-10
Do you still have
CODE
tcp:in:d=3306:s=0.0.0.0
udp:in:d=3306:s=0.0.0.0

in your deny_hosts.rules? If so, can you try removing it and then restarting apf? I think the rule you're seeing for MySQL when you run "iptables -L INPUT | grep mysql" is the one you've placed in "deny_hosts.rules".
Jaime
Well, if I remove it, I don't see it using 'iptables -L' but the port remains open.
I thought putting it on deny_hosts.rules would close it. But it doesn't.
Force-10
Hmmm... what do you have in your "conf.apf" file under the following section:

CODE
##
# [Common Ports: Ingress]
#
# Configure ingress (inbound) accepted common ports. This is an optional
# feature; ports and customized entries may be made directly to an ip's
# virtual net file located in the vnet/ directory.
##
#
# Common ingress (inbound) TCP ports
IG_TCP_CPORTS="22"
Jaime
Here it is:
CODE
# Common ingress (inbound) TCP ports
IG_TCP_CPORTS="20,21,22,25,53,80,110,143,443,2082,2083,2086,2087,2095,2096"

I think that, as it is a >1024 port, it may be open by default.
Running nmap, I see that port 1040 is open too, and ftp-data is closed.
That is weird.
CODE
Starting nmap 3.48 ( http://www.insecure.org/nmap/ )
Interesting ports on xxxxxxx (yyyyyyy):
PORT      STATE  SERVICE
20/tcp    closed ftp-data
21/tcp    open   ftp
22/tcp    open   ssh
25/tcp    open   smtp
53/tcp    open   domain
80/tcp    open   http
110/tcp   open   pop-3
143/tcp   open   imap
443/tcp   open   https
1040/tcp  open   netsaint
2082/tcp  open   unknown
2083/tcp  open   unknown
2084/tcp  open   unknown
2086/tcp  open   unknown
2087/tcp  open   unknown
2095/tcp  open   unknown
2096/tcp  open   unknown
3306/tcp  open   mysql
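A quick way to turn that nmap listing into an action list, added here as an example and not part of the thread: compare the ports nmap reports open against IG_TCP_CPORTS and print the ones the allow list does not account for. With the values posted above those are 1040, 2084 and 3306. The function name is this example's own, the nmap sample is constructed from a few of the lines above, and this simple comparison does not expand port ranges if your conf.apf uses them.

```shell
#!/bin/sh
# Allow list as posted in the thread, and a constructed nmap listing trimmed
# to a few of the lines shown above (same column layout as nmap 3.x output).
IG_TCP_CPORTS="20,21,22,25,53,80,110,143,443,2082,2083,2086,2087,2095,2096"
NMAP_OUTPUT='PORT      STATE  SERVICE
20/tcp    closed ftp-data
21/tcp    open   ftp
22/tcp    open   ssh
1040/tcp  open   netsaint
2082/tcp  open   unknown
2084/tcp  open   unknown
3306/tcp  open   mysql'

# unexpected_open_ports CPORTS  (reads an nmap port table on stdin)
# Prints each TCP port nmap reports "open" that is absent from the
# comma-separated CPORTS list, one per line, in the order nmap listed them.
unexpected_open_ports() {
    awk -v cports="$1" '
        BEGIN {
            n = split(cports, a, ",")
            for (i = 1; i <= n; i++) allowed[a[i]] = 1
        }
        # Only rows like "3306/tcp  open   mysql"; closed/filtered rows are skipped.
        $2 == "open" && $1 ~ /^[0-9]+\/tcp$/ {
            split($1, p, "/")
            if (!(p[1] in allowed)) print p[1]
        }
    '
}

# Stand-alone demonstration with the values above: prints 1040, 2084 and 3306.
printf '%s\n' "$NMAP_OUTPUT" | unexpected_open_ports "$IG_TCP_CPORTS"
```

Each port it prints is reachable from outside even though conf.apf does not list it, so something other than IG_TCP_CPORTS is letting it through; that is the list to take to `iptables -L INPUT -n` rather than guessing from the port number.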
Force-10
Do you have anything listening on that port (1040) ?
Jaime
QUOTE (Force-10)
Do you have anything listening on that port (1040) ?


No, but I think SM uses this port for the server monitoring (I have no clue how they do that).
Ferret_dude
These are the ports I have open in APF:

CODE
# Common ingress (inbound) TCP ports
IG_TCP_CPORTS="21,22,25,26,53,80,110,143,443,953,2082,2083,2086,2087,2095,2096,3306,19638"

The only thing I had to do to make SM able to monitor the server was to add 12.96.160.0/24 in allow_hosts.rules and uncomment
CODE
$IPT -t filter -A INPUT -p icmp --icmp-type 8 -j ACCEPT
$IPT -t filter -A INPUT -p icmp -j $DSTOP

in ICMP.rules.
jjf1990
What is nmap?
Jaime
QUOTE (jjf1990)
What is nmap?

Nmap ("Network Mapper") is a free open source utility for network exploration or security auditing...
Take a look at http://www.insecure.org/nmap/.
RooK
I recommend that you guys check your ports. If you are running Cpanel you should have plenty more ports open. It should be something like this:

CODE
# Common ingress (inbound) TCP ports
IG_TCP_CPORTS="20,21,22,25,26,37,43,53,80,110,113,143,443,465,873,993,995,2082,2083,2086,2087,2089,2095,2096,6666"

# Common ingress (inbound) UDP ports
IG_UDP_CPORTS="21,53,465,873"
