On 11/09/17 13:49, Phil Stracchino wrote: > On 09/11/17 07:29, Davide Marchi wrote: >> Hi friends, >> >> I've enabled between two servers (VPS Debian Jessie), the MySQL >> Replication feature. >> For this I've open the "3306" port. >> >> >> My question: is this a safe operation or should I also do something >> other for improve the firewall level, always without the risk or >> compromising communication between the two servers? > If your replication traffic goes outside your firewall, consider > requiring SSL on the replication connection. You will have to configure > this on both the master and the slave. > > If reconfiguring mysqld on the primary is too high-impact for you, you could use stunnel (or similar), which would be almost transparent [just a change master on the replica].
If you haven't already (not sure from the wording of your original post) you should also restrict the rule to just the source IP of the replica, otherwise you're bound to get a lot of attempts to break in to the database. ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
