On most RHEL-based distributions, firewalld is the default firewall, and by default it is configured to pass only SSH connections. In this tutorial I’m going to show you how to create a new zone and allow remote MySQL access from a specific IP address.
Prerequisites
- firewalld
- sudo privileges
Allow MySQL remote access in firewalld
Step 1. Create a new zone.
firewall-cmd --new-zone=mysql-access --permanent
Step 2. Reload firewalld to apply the new changes.
firewall-cmd --reload
If you want to double-check and list the firewalld zones, run:
firewall-cmd --get-zones
Step 3. First add the IP address that you want to allow.
firewall-cmd --zone=mysql-access --add-source=96.52.17.9/32 --permanent
Step 4. I’m going to add the default MySQL port, 3306. If you use your own custom port, change it in the rule.
firewall-cmd --zone=mysql-access --add-port=3306/tcp --permanent
Step 5. Reload firewalld to apply the new changes.
firewall-cmd --reload
Step 6. To make sure that the mysql-access zone is correctly configured, run:
firewall-cmd --zone=mysql-access --list-all
Output:
mysql-access (active)
  target: default
  icmp-block-inversion: no
  interfaces:
  sources: 96.52.17.9/32
  services:
  ports: 3306/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
Now you should be able to establish a connection between your MySQL server and your machine.
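Step 6 checks only the new zone. The script below is an added example, not part of the original tutorial: it goes a step further and audits every zone, flagging any that opens 3306/tcp or the predefined mysql service to a whole interface, which would bypass the source restriction. The function names port_exposure and sample_zones and the sample listing are constructed for illustration.

```shell
# Added example (not from the original tutorial).
# Reads `firewall-cmd --list-all-zones` output on stdin and prints one line per
# zone that opens PORT or SERVICE: "<zone> <exposure> <bound-to>".
#   unrestricted = zone is bound to an interface, so any client on it matches
#   restricted   = zone is bound only to source addresses
#   inactive     = zone has no interface or source binding
port_exposure() {
    awk -v port="${1:-3306/tcp}" -v svc="${2:-mysql}" '
        function val(   v) { v = $0; sub(/^[ \t]+[a-z-]+:[ \t]*/, "", v); sub(/[ \t]+$/, "", v); return v }
        function has(list, item,   n, i, a) {
            n = split(list, a, " ")
            for (i = 1; i <= n; i++) if (a[i] == item) return 1
            return 0
        }
        function report() {
            if (zone == "" || !open) return
            gsub(/[ \t]+/, ",", ifaces); gsub(/[ \t]+/, ",", sources)
            if (ifaces != "")       print zone, "unrestricted", ifaces
            else if (sources != "") print zone, "restricted", sources
            else                    print zone, "inactive", "-"
        }
        /^[^ \t]/            { report(); zone = $1; open = 0; ifaces = ""; sources = "" }
        /^[ \t]+interfaces:/ { ifaces = val() }
        /^[ \t]+sources:/    { sources = val() }
        /^[ \t]+ports:/      { if (has(val(), port)) open = 1 }
        /^[ \t]+services:/   { if (has(val(), svc)) open = 1 }
        END { report() }
    '
}
# Constructed sample: the tutorial's zone plus a public zone with a leftover 3306 rule.
sample_zones() {
    cat <<'EOF'
mysql-access (active)
  interfaces:
  sources: 96.52.17.9/32
  services:
  ports: 3306/tcp

public (active)
  interfaces: eth0
  sources:
  services: dhcpv6-client ssh
  ports: 3306/tcp
EOF
}
sample_zones | port_exposure 3306/tcp mysql
# Live system: firewall-cmd --list-all-zones | port_exposure 3306/tcp mysql
```

Any line marked unrestricted means the port is open to every host that can reach that interface, regardless of the source added in Step 3.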
Conclusion
If you need specific MySQL-related rules enabled or disabled in the firewalld config, leave a comment below. If you find this tutorial useful, follow our official channel on Telegram.