= Allow or prevent access from the network to the database server == Allow access to the database from the network To allow remote connections, you need to open the port 3306 on the firewall. ---- $ sudo firewall-cmd --add-service=mysql --permanent $ sudo firewall-cmd --reload ---- In addition you have to grant rights to the user you want to use to connect to the database. From the mysql shell, for example, grant all the privileges on the database _test_ to _my_user_ user connecting from the host _192.168.1.1_ using the password _PaSsWoRd_: ---- mysql> GRANT ALL PRIVILEGES ON test.* TO 'my_user'@'192.168.1.1' IDENTIFIED BY 'PaSsWoRd'; ---- == Limit the access to the database only from localhost On the other hand, if you want to avoid to expose the database service on the network, edit the configuration file * `/etc/my.cnf.d/mariadb-server.cnf` for MariaDB * `/etc/my.cnf.d/community-mysql-server.cnf` for MySQL * `/etc/my.cnf` for MySQL installed from the third party repository and add/uncomment/modify this option in the `[mysqld]` section ---- bind-address=127.0.0.1 ---- Restart the service (use `mysqld` in place of `mariadb` if it is the case) ---- $ sudo systemctl restart mariadb ---- Verify that the service is listening only on localhost (127.0.0.1). The output of this command: ---- $ ss -ntl |grep 3306 ---- should look like: ---- LISTEN 0 80 127.0.0.1:3306 0.0.0.0:* ----