firewalls, mysql,

firewalld allow MySQL remote access

Dec 06, 2021 · 1 min read · Post a comment

On most of the RHEL-based distributions, firewalld comes as a default firewall, and it’s configured to pass only SSH connections by default. Therefore, in this tutorial I’m going to show you how to create a new zone and allow MySQL remote access for a specific IP address.


  • firewalld
  • sudo privileges

Allow MySQL remote access in firewalld

Step 1. Create a new zone.

firewall-cmd --new-zone=mysql-access --permanent

Step 2. To apply the new changes reload the firewalld.

firewall-cmd --reload

If you want to double-check and list the firewalld zones, run:

firewall-cmd --get-zones

Step 3. First add the IP address that you want to allow.

firewall-cmd --zone=mysql-access --add-source= --permanent

Step 4. I’m going to add the default MySQL port 3306. If you use your own custom port change it in the rule.

firewall-cmd --zone=mysql-access --add-port=3306/tcp  --permanent

Step 5. Reload the firewalld to apply the new changes.

firewall-cmd --reload

Step 6. To make sure that the mysql-access zone is correctly configured, run:

firewall-cmd --zone=mysql-access --list-all


mysql-access (active)
  target: default
  icmp-block-inversion: no
  ports: 3306/tcp
  masquerade: no
  rich rules:

Now you should be able to establish a connection between your MySQL server and your machine.


If you need some specific rules to be enabled or disabled regarding MySQL in firewalld config please put a comment below. Feel free to leave a comment below and if you find this tutorial useful, follow our official channel on Telegram.