securing MySQL: easiest/best ways?

Paul Beard paulbeard at
Tue May 8 13:49:07 UTC 2012

Monkeying with IPv6, I discovered that globally routable addresses are what it says on the tin, so hiding behind a network appliance is not longer viable for me. An nmap scan showed the port 3306 was hanging out for all to see but  I couldn't figure out how to close it off. The "--skip-networking" argument seems not to work, either in my.cnf or as an rc argument. The server just fails to start. (For some reason the socket is hard-coded to live in /tmp, regardless of what's in my.cnf but I gave up bothering about that.)

What I ended up doing was adding 


to /etc/rc.conf. This seems to work as netstat and sockstat no longer show port 3306 listening and database connections are happening. 

Is this the preferred/best way? 
Paul Beard

Are you trying to win an argument or solve a problem? 

More information about the freebsd-questions mailing list