Block MySQL traffic for maintenance windows
From time to time some maintenance work on the MySQL database has to be done. During the maintenance window we do not want to have application traffic on the database.
Sometimes it is hard to shut down all applications spread over the whole company. Or we want to allow only some specific hosts to access MySQL remotely (for example the monitoring system or the backup server).
For this purpose we can use Linux packet filtering.
To see which packet filtering rules are currently in place on the INPUT chain, we can run the following command:
iptables -L INPUT -v
To close the MySQL port on all interfaces we use:
iptables -A INPUT -p tcp --dport mysql -j DROP
and to open the MySQL port again after the maintenance window:
iptables -D INPUT -p tcp --dport mysql -j DROP
With the -i option we can restrict the rule to a specific interface, for example eth0, and with the option -s we can specify a specific source only. Or with a ! -s we can implement an inverse rule (all but).
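The following script is an added example, not part of the original post. It goes one step beyond the single rules above: it allows several hosts (monitoring and backup) during the window by collecting the rules in a dedicated chain, and it prints the commands as a dry run unless APPLY=1 is set. The chain name MYSQL_MAINT, the interface and the 192.0.2.x addresses are constructed sample values.

```shell
#!/bin/sh
# Added example: build the iptables commands for a MySQL maintenance window.
# Chain name, interface and addresses are constructed sample values.
CHAIN="MYSQL_MAINT"          # hypothetical dedicated chain name
PORT=3306                    # numeric form of the "mysql" service name

# Print the commands that close the port for everyone except the allow-list.
# usage: maint_close_rules <interface|any> <allowed-ip>...
maint_close_rules() {
    iface="$1"; shift
    echo "iptables -N $CHAIN"
    for src in "$@"; do
        echo "iptables -A $CHAIN -s $src -j ACCEPT"
    done
    echo "iptables -A $CHAIN -j DROP"
    # -I puts the jump at the top of INPUT so no earlier ACCEPT rule wins.
    if [ "$iface" = "any" ]; then
        echo "iptables -I INPUT 1 -p tcp --dport $PORT -j $CHAIN"
    else
        echo "iptables -I INPUT 1 -i $iface -p tcp --dport $PORT -j $CHAIN"
    fi
}

# Print the commands that undo maint_close_rules for the same interface.
maint_open_rules() {
    iface="$1"
    if [ "$iface" = "any" ]; then
        echo "iptables -D INPUT -p tcp --dport $PORT -j $CHAIN"
    else
        echo "iptables -D INPUT -i $iface -p tcp --dport $PORT -j $CHAIN"
    fi
    echo "iptables -F $CHAIN"
    echo "iptables -X $CHAIN"
}

# Dry run by default; set APPLY=1 and run as root to execute the commands.
run_rules() {
    while IFS= read -r cmd; do
        if [ "${APPLY:-0}" = "1" ]; then $cmd; else echo "$cmd"; fi
    done
}

maint_close_rules eth0 192.0.2.10 192.0.2.20 | run_rules   # monitoring, backup
```

After the maintenance window, `maint_open_rules eth0 | run_rules` removes the jump from INPUT and deletes the chain again.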