Secure Memcached on Linux

phptuts December 20, 2018

Memcached is Vulnerable and hacker can use your server to DDOS victims, so you must secure your memcached server.

I. By iptables

Step 1: disable all connect to port 11211

iptables -I INPUT -p udp --dport 11211 -j DROP
iptables -I INPUT -p tcp --dport 11211 -j DROP

Step 2: open port 11211 for only localhost

iptables -I INPUT -p udp -s 127.0.0.1 --dport 11211 -j ACCEPT
iptables -I INPUT -p tcp -s 127.0.0.1 --dport 11211 -j ACCEPT

Step 3: open port 11211 for your other server:

For one IP:

iptables -I INPUT -p udp -s 11.11.11.11 --dport 11211 -j ACCEPT
iptables -I INPUT -p tcp -s 11.11.11.11 --dport 11211 -j ACCEPT
service iptables save

For IP CIDR:

iptables -I INPUT -p udp -s 11.11.11.11/16 --dport 11211 -j ACCEPT
iptables -I INPUT -p tcp -s 11.11.11.11/16 --dport 11211 -j ACCEPT
service iptables save

II. By firewalld

Step 1: disable all connect to port 11211

firewall-cmd --permanent --add-rich-rule='rule family="ipv4" port protocol="tcp" port="11211" reject'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" port protocol="udp" port="11211" reject'

Step 2: open port 11211 for only localhost

firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="127.0.0.1" port protocol="tcp" port="11211" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="127.0.0.1" port protocol="udp" port="11211" accept'

Step 3: open port 11211 for your other server:

For one IP:

firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="11.11.11.11" port protocol="tcp" port="11211" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="11.11.11.11" port protocol="udp" port="11211" accept'
sudo firewall-cmd --reload

For IP CIDR:

firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="11.11.11.11/16" port protocol="tcp" port="11211" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="11.11.11.11/16" port protocol="udp" port="11211" accept'
sudo firewall-cmd --reload

Free Online Tutorials

Secure Memcached on Linux

phptuts

Leave a Reply Cancel reply

Secure Memcached on Linux

phptuts

Related Posts

Libreoffice on Ubuntu: how to fix error: failed to read path from javaldx

Ubuntu: mount WebDAV with fuse and rclone

Ubuntu: how to fix error 404 Not Found for command apt install

Linux: how to fix error: E230001: Server SSL certificate verification failed: issuer is not trusted

Ubuntu error when build PHP with OpenSSL: expected ‘RSA *’ {aka ‘struct rsa_st *’} but argument is of type ‘const struct rsa_st *’

Leave a Reply Cancel reply

Ubuntu error when build PHP with OpenSSL: expected ‘RSA ’ {aka ‘struct rsa_st ’} but argument is of type ‘const struct rsa_st *’