How to Allow MySQL Traffic using firewalld on CentOS 7
By default CentOS 7 uses firewalld as the software firewall, instead of iptables. The default rules for firewalld are fairly strict, which is a good thing. MySQL uses port 3306 to communicate, this port is not open by default so if you want to allow remote access you need to update firewalld.
The first thing you will want to do is list all the services that firewalld knows about, make sure that mysql is listed here. If it is then move on to the next step
To allow remote access to mysql, you'd run this command. Keep in mind this opens port 3306 to all IPs. This is not a good idea to do unless you've already locked down your private network, even then you should probably only allow access to certain IPs or else you may have a bad time, mmkay.
firewall-cmd --zone=public --add-service=mysql --permanent
If you want to set more fine grained firewalld rules to restrict access to MySQL you would want to use a command like this.
firewall-cmd --add-rich-rule 'rule family="ipv4" source address="$your_IP_or_IP_Range" service name="mysql" accept' --permanent
The easiest way to test / verify that port 3306 is now open is to either run telnet from a remote host or try to connect using the mysql cli
telnet $MySQL_IP 3306
mysql -h $MySQL_IP -u $MySQL_User - p $Database
You should be able to connect if you properly applied the rules