?????????п??? MySQL ???????????
????1.???mysql??????user?????user???????????????????User??username????Host?????????MySQL??IP??????123.118.17.201?????????????????????????????????????IP?????????????IP??????????????Host?????‘%’????????????Σ????????飩??
????????myuser???mypassword???κ??????????mysql??????
????<code>    mysql> GRANT ALL PRIVILEGES ON *.* TO 'myuser'@'%' IDENTIFIED BY 'mypassword' WITH GRANT OPTION;</code>
????????????????myuser??ip? 123.57.20.21 ???????????mysql?????????????mypassword???????
????<code>mysql> GRANT ALL PRIVILEGES ON *.* TO 'myuser'@'123.57.20.21' IDENTIFIED BY 'mypassword' WITH GRANT OPTION;</code>
????2.?????user?????? flush privileges ???????
?????????????????????????????????????
??????????????????????????
????1.??? ss -tlnp ????????????????
???????????mysql???????????????????
??????????????????????п???3306??????mysql???????????????????
????2.?? MySQL ??????? my.cnf??/etc/mysql/my.cnf??
???????
????<code>bind-address = 127.0.0.1</code>
????????
????<code>skip-networking</code>
???????????????????mysql??
????skip-networking ?? ???? skip-networking ???????????MySQL??TCP/IP????????
????????? ss -tlnp ????????????????
???????????mysql???????????????????
?????????????????????????????????????
????????iptables (?????) ????????????MySQL????
???????????????????????????????????????sudo iptables -F???????iptables?????????????????????ж??????????80??????????????????????????????ssh???????????????????????????????????????????????
????1.??? sudo iptables -L -n ??iptables????
????<code>%sudo iptables -L -n
????Chain INPUT (policy DROP)
????target     prot opt source               destination
????ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
????ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:21
????ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
????ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80
????ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 8
????ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state ESTABLISHED
????Chain FORWARD (policy ACCEPT)
????target     prot opt source               destination
????Chain OUTPUT (policy ACCEPT)
????target     prot opt source               destination</code>
?????????????????????21??ftp????22(ssh)????80(http)????
????2.??? iptables
????<code>#??iptables????洢????????
????%sudo iptables-save > ~/iptables.save
????# ????????
????%sudo vim ~/iptables.save
????# Generated by iptables-save v1.4.21 on Tue Sep 13 09:00:12 2016
????*filter
????:INPUT DROP [31186:1828159]
????:FORWARD ACCEPT [0:0]
????:OUTPUT ACCEPT [73190648:74353549865]
????-A INPUT -i lo -j ACCEPT
????-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
????-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
????-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
????-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
????-A INPUT -m state --state ESTABLISHED -j ACCEPT
????COMMIT
????# Completed on Tue Sep 13 09:00:12 2016</code>
????????????????
????<code># Generated by iptables-save v1.4.21 on Tue Sep 13 09:00:12 2016
????*filter
????:INPUT DROP [31186:1828159]
????:FORWARD ACCEPT [0:0]
????:OUTPUT ACCEPT [73190648:74353549865]
????-A INPUT -i lo -j ACCEPT
????-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
????-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
????-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
????#-s ???????????IP
????-A INPUT -p tcp -m tcp -s 123.57.20.21 --dport 3306 -j ACCEPT
????-A INPUT -p tcp -m tcp -s 123.57.20.21 --dport 3306 -j ACCEPT
????-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
????-A INPUT -m state --state ESTABLISHED -j ACCEPT
????COMMIT
????# Completed on Tue Sep 13 09:00:12 2016</code>
????????
????3.??iptables.save?е?????????????????iptables??
????<code>%sudo cat ~/iptables.save | sudo iptables-restore
????#????????????iptables????????Ч???????????????Ч???????Ч???????????????iptables????????????</code>
?????????? sudo iptables -L -n ??iptables????
????<code>%sudo iptables -L -n
????Chain INPUT (policy DROP)
????target     prot opt source               destination
????ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
????ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:21
????ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
????ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80
????ACCEPT     tcp  --  123.57.20.21         0.0.0.0/0            tcp dpt:3306
????ACCEPT     tcp  --  123.57.20.21         0.0.0.0/0            tcp dpt:3306
????ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 8
????ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state ESTABLISHED
????Chain FORWARD (policy ACCEPT)
????target     prot opt source               destination
????Chain OUTPUT (policy ACCEPT)
????target     prot opt source               destination</code>
??????γ???????mysql??ü????????????