Allow a set of IP addresses for a managed database using linode-cli
Hi,
This command gives me the error: "Must be of type Array"
ips="[\"139.162.200.55/32\",\"109.237.26.122/32\",\"176.58.113.27/32\"]"
/usr/local/bin/linode-cli databases mysql-update --allow_list ${ips} 971
Where 971 is the instance id of a managed mysql instance.
Does anyone know the correct syntax for the "allow_list" parameter?
Thanks
Peter
1 Reply
This looks like a snippet from a shell script. If so, then
ips="[\"139.162.200.55/32\",\"109.237.26.122/32\",\"176.58.113.27/32\"]"
can be replaced with (the far more readable, IMHO):
ips='["139.162.200.55/32","109.237.26.122/32","176.58.113.27/32"]'
What I would do is block all traffic for port 3306 except for the 3 IP addresses listed (and localhost) in the firewall. Then, you don't have to use --allow-list at all and, IMHO, you have a much more foolproof solution (that is enforced at a much lower level than mysql).
You can do this with ipset using a single rule to allow the ipset entries. That way, if your list changes, you modify the ipset…not the firewall rule(s).
-- sw
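The ipset approach from the reply above, as an added example that is not part of the original thread. It assumes a Linux host whose firewall you administer yourself and IPv4-only entries; the set name `mysql_allow` and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). SET_NAME and all function names are hypothetical.
SET_NAME="mysql_allow"

# valid_cidr4 ADDR/PREFIX: succeed only for a well-formed IPv4 CIDR.
valid_cidr4() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; prefix=${1#*/}
    case "$prefix" in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case "$addr" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split on dots; addr holds only digits and dots here
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# render_ipset_restore CIDR...: print an `ipset restore` script that rebuilds the
# set in a scratch copy and swaps it in, so the live set is never half-populated.
# Every entry is validated first; one bad entry means no output at all.
render_ipset_restore() {
    for cidr in "$@"; do
        valid_cidr4 "$cidr" || { echo "invalid CIDR: $cidr" >&2; return 1; }
    done
    echo "create $SET_NAME hash:net family inet"
    echo "create ${SET_NAME}_new hash:net family inet"
    echo "flush ${SET_NAME}_new"
    for cidr in "$@"; do echo "add ${SET_NAME}_new $cidr"; done
    echo "swap ${SET_NAME}_new $SET_NAME"
    echo "destroy ${SET_NAME}_new"
}

# render_iptables_rules: the rules that stay fixed while the set changes.
render_iptables_rules() {
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -p tcp --dport 3306 -m set --match-set $SET_NAME src -j ACCEPT"
    echo "iptables -A INPUT -p tcp --dport 3306 -j DROP"
}

# Dry run with the three addresses from the question; nothing is applied.
# To apply as root: save the first output to a file, then `ipset -exist restore < file`.
render_ipset_restore 139.162.200.55/32 109.237.26.122/32 176.58.113.27/32
render_iptables_rules
```

The rules are appended with `-A`, so they only behave as described when no earlier INPUT rule already accepts port 3306.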