FirewallD allow MySQL remote access

Dec 06, 2021 · 1 min read · Post a comment
FirewallD allow MySQL remote access

On most of the RHEL based distributions, FirewallD comes as a default firewall and it’s configured to pass only ssh connections by default. Therefore in this tutorial, I’m going to show you how to create a new zone and allow MySQL remote access for a specific IP address.


  • FirewallD
  • sudo user

Allow MySQL remote access in FirewallD

Step 1. Create a new zone.

firewall-cmd --new-zone=mysql-access --permanent

Step 2. To apply the new changes reload the firewalld.

firewall-cmd --reload

If you want to double check and list the firewalld zones, run:

firewall-cmd --get-zones

Step 3. First add the IP address that you want to allow.

firewall-cmd --zone=mysql-access --add-source= --permanent

Step 4. I’m going to add the default MySQL port 3306. If you use your own custom port change it in the rule.

firewall-cmd --zone=mysql-access --add-port=3306/tcp  --permanent

Step 5. Reload the firewalld to apply the new changes.

firewall-cmd --reload

Step 6. To make sure that the mysql-access zone is correctly configured, run:

firewall-cmd --zone=mysql-access --list-all

Example output:

mysql-access (active)
  target: default
  icmp-block-inversion: no
  ports: 3306/tcp
  masquerade: no
  rich rules:

Now you should be able to establish a connection between your MySQL server and your machine.


If you need some specific rules to be enabled or disabled regarding MySQL in FirewallD config please put a comment below. Feel free to leave a comment below and if you find this tutorial useful, follow our official channel on Telegram.