Solution for adding iptables firewall policy to MySQL service

If your MySQL database is installed on a CentOS 7 system with the firewall enabled, an application that needs to access the database has two options.

Solution 1: Stop the firewall service
Solution 2: Add a policy in the firewall to allow the application to access the MySQL service port normally

Stop the CentOS 7 firewall

Check the firewall operation status

[root@mysql ~]# firewall-cmd --state
running

Stop the firewall service

[root@mysql ~]# systemctl stop firewalld.service

Start the CentOS 7 firewall

Check the firewall operation status

[root@mysql ~]# firewall-cmd --state
not running

Start the firewall service

[root@mysql ~]# systemctl start firewalld.service

Configure the firewall to start at boot

[root@mysql ~]# systemctl enable firewalld.service

Test the connection to the MySQL service

[mysql@mysql ~]$ mysql -utony -ptony -h 192.168.112.131 -P 3306
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 2003 (HY000): Can't connect to MySQL server on '192.168.112.131' (113)

Master-slave replication connection test

[root@localhost] 15:23:46 [(none)]>show slave status\G;
*************************** 1. row ***************************
               Slave_IO_State: Connecting to master
                  Master_Host: 192.168.112.131
                  Master_User: repl
                  Master_Port: 3306
                Connect_Retry: 60
              Master_Log_File: binlog.000034
          Read_Master_Log_Pos: 194
               Relay_Log_File: mysql-relay-bin.000007
                Relay_Log_Pos: 401
        Relay_Master_Log_File: binlog.000034
             Slave_IO_Running: Connecting
            Slave_SQL_Running: Yes
           .....
Master_SSL_Verify_Server_Cert: No
                Last_IO_Errno: 2003
                Last_IO_Error: error connecting to master 'repl@192.168.112.131:3306' - retry-time: 60 retries: 1
               Last_SQL_Errno: 0

The IO thread connection between the slave and the master is down, and error 2003 is reported. This indicates that the network is unavailable and the master database's service cannot be accessed.

Add MySQL service access policy in the firewall

View Firewall Policy

[root@mysql ~]# iptables -L -n --line-number|grep 3306

Since no access policy for port 3306 has been added to the firewall, external applications cannot access the MySQL service.

[mysql@mysql ~]$ mysql -utony -ptony -h 192.168.112.131 -P 3306
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 2003 (HY000): Can't connect to MySQL server on '192.168.112.131' (113)

Add access policy for port 3306

[root@mysql ~]# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
[root@mysql ~]# iptables -L -n --line-number|grep 3306
1 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:3306

You can see that the access policy for port 3306 has been added. External applications can access port 3306 through the TCP protocol.

Deleting a Firewall Policy

[root@mysql ~]# iptables -D INPUT 1
[root@mysql ~]# iptables -L -n --line-number|grep 3306
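
The rule added above accepts new connections to port 3306 from any source (0.0.0.0/0 in the listing). The following is an added example, not part of the original article, that inserts the same rule restricted to specific client addresses and flags any-source rules in `iptables -S INPUT` output; the client addresses and function names are assumptions.

```bash
#!/usr/bin/env bash
# Added example: admit only named clients to MySQL instead of any source.
# ALLOWED_CLIENTS holds constructed addresses (assumed app host and slave).
ALLOWED_CLIENTS="192.168.112.132 192.168.112.133"
MYSQL_PORT=3306

# Print the rule spec (the part after the chain name) for one client address.
# Accepts a dotted-quad IPv4 address with optional /prefix; refuses /0.
rule_spec() {
    if ! printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'; then
        echo "invalid source address: $1" >&2
        return 1
    fi
    case $1 in */0) echo "refusing any-source prefix: $1" >&2; return 1 ;; esac
    echo "-s $1 -p tcp -m state --state NEW -m tcp --dport $MYSQL_PORT -j ACCEPT"
}

# Read `iptables -S INPUT` output on stdin and print each ACCEPT rule for the
# MySQL port that has no -s match, i.e. one that admits every source address.
open_to_any() {
    while IFS= read -r line; do
        case " $line " in
            *" -s "*) ;;
            *" --dport $MYSQL_PORT -j ACCEPT "*) echo "$line" ;;
        esac
    done
}

# Insert one rule per allowed client, skipping rules already present (-C).
# With DRY_RUN=1 the commands are printed instead of executed.
apply_rules() {
    for src in $ALLOWED_CLIENTS; do
        spec=$(rule_spec "$src") || return 1
        if [ "${DRY_RUN:-0}" = 1 ]; then
            echo "iptables -I INPUT $spec"
        elif ! iptables -C INPUT $spec 2>/dev/null; then  # $spec is split on purpose
            iptables -I INPUT $spec
        fi
    done
}
```

Review the output of `DRY_RUN=1 apply_rules` before running it as root, then delete the any-source rule with `iptables -D` as shown above. Afterwards `iptables -S INPUT | open_to_any` should print nothing.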
