If iptables blocks all incoming connections (the INPUT chain policy is DROP) and you need to allow external access to MySQL, add a rule:
iptables -A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
To allow access only from a particular network, for example 10.0.0.0/24:
iptables -A INPUT -s 10.0.0.0/24 -p tcp -m tcp --dport 3306 -j ACCEPT
To remove a rule, run the same command with -A replaced by -D, for example:
iptables -D INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
To view the list of rules, use the command:
sudo iptables -nvL
Note that to open external access you also need to comment out the line “bind-address = 127.0.0.1” in the my.cnf configuration file; otherwise the MySQL server itself listens only on the loopback interface, whatever iptables allows.
If the default INPUT policy is ACCEPT, first specify which IPs are allowed access, and only then add a final rule that drops everyone else (rules are evaluated in order, and the first match wins):
/sbin/iptables -A INPUT -s 127.0.0.1 -p tcp --destination-port 3306 -j ACCEPT
/sbin/iptables -A INPUT -s 192.168.1.5 -p tcp --destination-port 3306 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 3306 -j DROP
For example, using nmap, you can check locally and externally whether the access is filtered:
nmap -p 3306 localhost
nmap -p 3306 192.168.1.5
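The steps above (allow listed sources first, then drop everything else, and make sure my.cnf is not still binding MySQL to loopback) collected into one script. This is an added example, not code from the original article: the allowed sources, the sample my.cnf and the function names are assumptions, and the apply function uses iptables -C (check whether an identical rule already exists) so that re-running it does not append duplicate rules.

```shell
#!/bin/sh
# Added example (not from the original article). Builds the "ACCEPT listed
# sources, then DROP the rest" rule set for MySQL's TCP port and checks
# my.cnf for a bind-address that would still refuse remote clients.

MYSQL_PORT=3306

# Print the iptables commands for an allowlist. Order matters: every ACCEPT
# is emitted before the final DROP, because the INPUT chain is evaluated top
# to bottom and the first matching rule decides.
mysql_rules() {
    for src in "$@"; do
        printf 'iptables -A INPUT -s %s -p tcp -m tcp --dport %s -j ACCEPT\n' "$src" "$MYSQL_PORT"
    done
    printf 'iptables -A INPUT -p tcp -m tcp --dport %s -j DROP\n' "$MYSQL_PORT"
}

# Apply the same rule set for real (needs root and iptables). "iptables -C"
# succeeds when an identical rule is already present, so a rule is only
# appended once no matter how often this runs.
apply_mysql_rules() {
    for src in "$@"; do
        iptables -C INPUT -s "$src" -p tcp -m tcp --dport "$MYSQL_PORT" -j ACCEPT 2>/dev/null \
            || iptables -A INPUT -s "$src" -p tcp -m tcp --dport "$MYSQL_PORT" -j ACCEPT
    done
    iptables -C INPUT -p tcp -m tcp --dport "$MYSQL_PORT" -j DROP 2>/dev/null \
        || iptables -A INPUT -p tcp -m tcp --dport "$MYSQL_PORT" -j DROP
}

# Return 0 when the config file still has an active "bind-address = 127.0.0.1"
# line (remote clients are refused by MySQL itself), 1 otherwise.
# Commented-out lines (leading '#') do not match.
mysql_bound_to_loopback() {
    grep -Eq '^[[:space:]]*bind-address[[:space:]]*=[[:space:]]*127\.0\.0\.1[[:space:]]*$' "$1"
}

# Constructed sample my.cnf, written to a temp file so the checks run offline.
SAMPLE_CNF=$(mktemp)
cat > "$SAMPLE_CNF" <<'EOF'
[mysqld]
datadir = /var/lib/mysql
bind-address = 127.0.0.1
EOF

# Dry run: show the rules that would be added for loopback and one LAN host
# (constructed addresses), then report whether my.cnf still blocks remote access.
mysql_rules 127.0.0.1 192.168.1.5
if mysql_bound_to_loopback "$SAMPLE_CNF"; then
    echo "my.cnf still binds to 127.0.0.1: remote clients will be refused"
fi
```

Run it as a normal user to see the rules it would add; call apply_mysql_rules with the same source list (as root) to install them. The bind-address check reads only the file you hand it, so point it at the real my.cnf on the server.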
See also:
Configuring IPTables
My other articles about MySQL