How to Allow MySQL Traffic using firewalld on CentOS 7

By default, CentOS 7 uses firewalld as its software firewall instead of iptables. The default firewalld rules are fairly strict, which is a good thing. MySQL communicates on port 3306, which is not open by default, so if you want to allow remote access you need to update firewalld.

The first thing you will want to do is list all the services that firewalld knows about and make sure that mysql is among them. If it is, move on to the next step.

firewall-cmd --get-services

To allow remote access to MySQL, run this command. Keep in mind that it opens port 3306 to all IPs. That is not a good idea unless you've already locked down your private network, and even then you should probably only allow access to certain IPs or else you may have a bad time, mmkay.

firewall-cmd --zone=public --add-service=mysql --permanent

If you want finer-grained firewalld rules that restrict access to MySQL, use a command like this.

firewall-cmd --add-rich-rule 'rule family="ipv4" source address="$your_IP_or_IP_Range" service name="mysql" accept' --permanent

The easiest way to test or verify that port 3306 is now open is to either run telnet from a remote host or try to connect using the mysql CLI.

telnet $MySQL_IP 3306
mysql -h $MySQL_IP -u $MySQL_User -p $Database

You should be able to connect if you applied the rules properly.
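
The restricted rich rule above, as an added shell example that is not part of the original page: it validates the source address, removes the open-to-all mysql service if it is present (otherwise every IP is still admitted), adds the rich rule, and reloads firewalld, because `--permanent` changes only take effect after a reload. The `ZONE` variable, the function names and the `--apply` argument are assumptions of this example, and 203.0.113.0/24 is a constructed sample range.

```shell
#!/bin/sh
# Added example, not from the original page. ZONE, the function names and the
# --apply argument are assumptions; 203.0.113.0/24 is a constructed sample range.
ZONE=${ZONE:-public}

# Succeed only for a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_ipv4_source() {
    addr=${1%%/*}
    case $1 in
        */*) prefix=${1#*/}
             case $prefix in ''|*[!0-9]*) return 1 ;; esac
             [ "${#prefix}" -le 2 ] && [ "$prefix" -le 32 ] || return 1 ;;
    esac
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr              # split the address into its octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the rich rule for a validated source; quotes in the input are rejected
# by the validator, so the value cannot break out of address="...".
mysql_rich_rule() {
    valid_ipv4_source "$1" || return 1
    printf 'rule family="ipv4" source address="%s" service name="mysql" accept' "$1"
}

# Apply the rule (run as root on the database host).
allow_mysql_from() {
    rule=$(mysql_rich_rule "$1") || { echo "invalid source: $1" >&2; return 1; }
    # A blanket --add-service=mysql would still admit every IP; remove it.
    if firewall-cmd --permanent --zone="$ZONE" --query-service=mysql >/dev/null; then
        firewall-cmd --permanent --zone="$ZONE" --remove-service=mysql || return 1
    fi
    firewall-cmd --permanent --zone="$ZONE" --add-rich-rule="$rule" || return 1
    firewall-cmd --reload || return 1        # load the permanent config
    firewall-cmd --zone="$ZONE" --list-rich-rules
}

# Usage: sh allow-mysql.sh --apply 203.0.113.0/24
if [ "${1:-}" = "--apply" ]; then
    allow_mysql_from "${2:-}"
fi
```

The final `--list-rich-rules` output should show the rule for your source range, and the telnet check above should then succeed only from hosts inside that range.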