vicidial.org

ambiorixg12 wrote:White list the MYSQL port (3306) for the trusted IP, I use iptable for that, I dont have expertise using YAST

Code: Select all

iptables -I INPUT -1 -s 99.99.99.99 -j ACCEPT

# CLEAR ALL IPTABLE RULES
iptables -F
iptables -X

# ALLOW SYSTEM TRAFFIC
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# ALLOW ALL TRAFFIC FROM TRUSTED SOURCES #
iptables -A INPUT -s XXX.XXX.XXX.XXX -j ACCEPT #Home Office

iptables -A INPUT -s XXX.XXX.XXX.XXX -j ACCEPT #Remote Server

# T-MOBILE
iptables -A INPUT -s 100.128.0.0/9 -j ACCEPT #iPhone
iptables -A INPUT -s 172.32.0.0/11 -j ACCEPT #iPhone
iptables -A INPUT -s 208.54.0.0/17 -j ACCEPT #iPhone
iptables -A INPUT -s 208.54.128.0/19 -j ACCEPT #iPhone
iptables -A INPUT -s 50.28.192.0/18 -j ACCEPT #iPhone
iptables -A INPUT -s 162.160.0.0/11 -j ACCEPT #iPhone
iptables -A INPUT -s 206.29.160.0/19 -j ACCEPT #iPhone
iptables -A INPUT -s 216.155.160.0/20 -j ACCEPT #iPhone
iptables -A INPUT -s 66.94.0.0/19 -j ACCEPT #iPhone
iptables -A INPUT -s 72.250.0.0/17 -j ACCEPT #iPhone


#iptables -I INPUT -p tcp --match multiport --dports 80,443,8089 -s XXX.XXX.XXX.XXX -j ACCEPT
#iptables -I INPUT -p udp --match multiport --dports 8989,5060,5061,10000:25000 -s XXX.XXX.XXX.XXX -j ACCEPT

# SSL CERTIFICATE VERIFICATION
#iptables -A INPUT -p tcp --dport 443 -j ACCEPT

# DROP ALL UNAUTHORIZED TRAFFIC
iptables -A INPUT -j DROP

# DROP ALL FORWARDING TRAFFIC
iptables -P FORWARD DROP

# ALLOW OUTBOUND TRAFFIC
iptables -P OUTPUT ACCEPT

iptables-save
iptables -vnL

# CLEAR ALL IPTABLE RULES
iptables -F
iptables -X

# ALLOW ALL TRAFFIC FROM TRUSTED SOURCES #
iptables -A INPUT -s XXX.XXX.XXX.XXX -j ACCEPT #Home Office
iptables -A INPUT -s XXX.XXX.XXX.XXX -j ACCEPT #Remote Server

# DROP ALL UNAUTHORIZED TRAFFIC
iptables -A INPUT -j DROP

iptables -A INPUT -i eth0 -s XXX.XXX.XXX.XXX -p tcp --destination-port 3306 -j ACCEPT

Code: Select all

iptables-save