I was just about to follow up with this, saying that I was able to get it working by not using any custom rules at all. Since the IP that I want to allow is my local office, which is where I want to connect to the MySQL data from, it works already. Reason: I have my local office IP listed in the Trusted Network area of the Responsive firewall.
Of course, to get this to work, you have to change the listen address (bind address) in the etc/my.cnf file to listen on your public address, other than the loopback address.
I would probably change it to listen on any to have one thing less to remember just in case something changes, but that is just personal preference.
Oh yeah, I did that actually. Then I created a user with select access to the crdb database. The root user by default, on FreePBX installations, has no password. However, the root user can only log in from the local server, so I don't see a need to implement a password. Unless I'm missing something....
While I have never made a how-to with a port range, the basic firewalld syntax is used all over the place on this forum by me, and every system that I have ever seen that accepts a port range does so with the range hyphenated from lower boundary to upper boundary.
I would have thought that this was a colon, though, not a hyphen.
I have never seen it commonly used with a colon to represent a range.
Native IPTables. 🙂
I rarely work with native IPTables. That would explain a difference in point of view.
Yeah, and for me I pretty much have done raw edits on /etc/sysconfig/iptables and never used external tools. Now with FirewallD I'm relearning the syntax for everything on Linux firewalls.
Well, at least I'm not the only one then. Learning how to use firewall-cmd still feels a bit odd.
We lead with geo-specific deny rules to block regions before allowing ports.
And in that case it makes sense. You're blocking all traffic from China or Russia, for example. Then you allow the ports you want open but those countries are blocked, and maybe every other country is fine (hopefully you haven't blocked Spain... ;)), and then you deny the rest. That also makes logistical sense. I don't disagree with @thecreativeone91. It all comes down to what your objective is and then determining the best way to approach it.