Whitelist an IP in CSF for remote MySQL connections

ConfigServer Security & Firewall (csf) is a popular firewall for Linux web servers, and many cPanel web servers use it. By default, csf is configured to block incoming connections to the MySQL port, which is 3306.

But you have a client that requires a direct connection to the MySQL server. What can you do? Opening port 3306 to the public is not a very good idea. You can set up a rule in csf to allow incoming connections to MySQL from specific IP(s).

[Image: csf WHM interface]

For this you will need to edit the file /etc/csf/csf.allow, which begins with this header:

###############################################################################
# Copyright 2006-2017, Way to the Web Limited
# URL: http://www.configserver.com
# Email: sales@waytotheweb.com
###############################################################################
# The following IP addresses will be allowed through iptables.
# One IP address per line.
# CIDR addressing allowed with a quaded IP (e.g. 192.168.254.0/24).
# Only list IP addresses, not domain names (they will be ignored)
#
# Advanced port+ip filtering allowed with the following format
# tcp/udp|in/out|s/d=port|s/d=ip
# See readme.txt for more information
#
# Note: IP addressess listed in this file will NOT be ignored by lfd, so they
# can still be blocked. If you do not want lfd to block an IP address you must
# add it to csf.ignore

Add the following lines to the file /etc/csf/csf.allow (replace 192.168.1.0 with the desired IP):

tcp|in|d=3306|s=192.168.1.0
udp|in|d=3306|s=192.168.1.0

Restart csf and that IP will be able to connect to the MySQL/MariaDB server.
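As an added example (not part of the original post or of csf itself), the following Python sketch audits a csf.allow file for entries that let a source reach port 3306 inbound, flagging sources that csf will ignore because they are not IP addresses and sources wider than a chosen size. The function name mysql_sources, the max_addrs threshold and the sample file contents are assumptions made for illustration.

```python
import ipaddress

# Constructed sample csf.allow content (documentation/private addresses only).
SAMPLE = """\
# office
203.0.113.10 # plain entry: allowed on every port
tcp|in|d=3306|s=192.168.1.0
udp|in|d=3306|s=192.168.1.0
tcp|in|d=3306|s=0.0.0.0/0
tcp|in|d=3306|s=198.51.100.0/22
tcp|in|d=22|s=198.51.100.7
tcp|in|d=3306|s=db.example.com
"""

def mysql_sources(text, port="3306", max_addrs=256):
    """Return (lineno, source, verdict) for each entry that reaches `port` inbound.

    Handles plain IP/CIDR lines and the four-field advanced format
    tcp/udp|in/out|s/d=port|s/d=ip shown in the csf.allow header.
    Only a single port per rule is understood here; max_addrs is this
    example's own threshold (hypothetical), not a csf setting.
    """
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        parts = line.split("|")
        if len(parts) == 1:
            src = parts[0]                       # plain entry covers all ports
        elif len(parts) == 4 and parts[1] == "in":
            (pk, _, pv), (ak, _, src) = parts[2].partition("="), parts[3].partition("=")
            if (pk, pv, ak) != ("d", port, "s"): # not "destination port, source IP"
                continue
        else:
            continue
        try:
            net = ipaddress.ip_network(src, strict=False)
        except ValueError:
            # The file header says non-IP entries (domain names) are ignored.
            findings.append((n, src, "ignored by csf: not an IP address"))
            continue
        verdict = "ok" if net.num_addresses <= max_addrs else "too broad"
        findings.append((n, src, verdict))
    return findings

if __name__ == "__main__":
    for finding in mysql_sources(SAMPLE):
        print(finding)
```

To check a real server, pass the contents of /etc/csf/csf.allow instead of SAMPLE.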

This Post Has 3 Comments

  1. Simeão Pires

    Hello,

    I have this problem, but I need to allow MySQL remote connection for all IPs because I have many clients with dynamic IPs. What can I do?
    Can you help me?

  2. Dave

    getting “Connection refused”
