22

I have a postgres 9.1 server running on the default port 5432 on an Ubuntu 12.04 cloud server.

I want to open up the port, so I can make remote queries -- but I have to open the port on IP tables, which requires that I specify a protocol. This doc does not mention TCP/UDP, etc.

What protocol should I permit in IP tables?

roaima
bernie2436

3 Answers

22

The protocol is plain TCP/IP.

From the PostgreSQL documentation about the "frontends" and "backends" protocol:

PostgreSQL uses a message-based protocol for communication between frontends and backends (clients and servers). The protocol is supported over TCP/IP and also over Unix-domain sockets. Port number 5432 has been registered with IANA as the customary TCP port number for servers supporting this protocol, but in practice any non-privileged port number can be used.

So regarding iptables, use the tcp protocol, as Unix-domain sockets are not meant to be used over a network.

iptables example:

iptables <other_options> -p tcp --dport 5432 -j ACCEPT

Note:

As pointed out by Lekensteyn, it is especially wise to consider activating SSL over that network connection (see postgresql documentation regarding using TCP-over-SSL). The iptables rule would not change in that case: same port (5432), same protocol (tcp).

Ouki
1

By default PostgreSQL listens on TCP port 5432. The following iptables rule allows incoming client requests (opens port 5432).

-A INPUT -p tcp --dport 5432 -s xxx.xxx.xxx.xxx -j ACCEPT

Where xxx.xxx.xxx.xxx is the IP of the server you're connecting from so you're not opening postgres up to the world.

pravin09
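As an added example (not part of either answer above), this script audits a ruleset in `iptables-save` text form for the two points the answers make: PostgreSQL needs `-p tcp` on port 5432, and an ACCEPT rule without `-s` opens the port to every source. The function names and the sample ruleset are constructed for illustration, and only plain `--dport` matches are parsed.

```shell
#!/bin/sh
# Added example: audit iptables-save style rules for the PostgreSQL port.
# Assumptions: rules are in `iptables-save` / `iptables -S` text form and the
# port is matched with a plain `--dport N`. Multiport lists, port ranges and
# negated (`!`) matches are not parsed.

audit_pg_rules() {
    # Reads rules on stdin; prints "<verdict> <source> <protocol>" for every
    # INPUT rule that ACCEPTs traffic to the given port (default 5432).
    awk -v port="${1:-5432}" '
    $1 == "-A" && $2 == "INPUT" {
        src = "any"; proto = "any"; dport = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-s" || $i == "--source")        src = $(i + 1)
            else if ($i == "-p" || $i == "--protocol") proto = $(i + 1)
            else if ($i == "--dport")                  dport = $(i + 1)
            else if ($i == "-j")                       target = $(i + 1)
        }
        if (dport != port || target != "ACCEPT") next
        # PostgreSQL speaks TCP only, so any other protocol is a mistake.
        if (proto != "tcp")                      verdict = "WRONG-PROTO"
        # No -s, or a /0 prefix, means every source address is allowed.
        else if (src == "any" || src ~ /\/0$/)   verdict = "OPEN-TO-WORLD"
        else                                     verdict = "RESTRICTED"
        print verdict, src, proto
    }'
}

# Constructed sample ruleset (203.0.113.0/24 is an RFC 5737 documentation range).
sample_rules() {
    cat <<'EOF'
-A INPUT -i lo -j ACCEPT
-A INPUT -s 203.0.113.10/32 -p tcp -m tcp --dport 5432 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5432 -j ACCEPT
-A INPUT -p udp -m udp --dport 5432 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
EOF
}

sample_rules | audit_pg_rules 5432
```

On a live host, pipe the real ruleset in instead of the sample: `iptables-save | audit_pg_rules 5432` (requires root).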
0
-A INPUT -p tcp --dport 5432 -s xxx.xxx.xxx.xxx -j ACCEPT

Will this command change the pg_hba?