MySQL Workbench Manual  /  Administrative Tasks  /  MySQL Enterprise Firewall Interface

6.8 MySQL Enterprise Firewall Interface

MySQL Workbench offers a GUI interface to MySQL Enterprise Firewall.

Note

The MySQL Enterprise Firewall interface was added in MySQL Workbench 6.3.4.

For additional information about MySQL Enterprise Firewall, see https://dev.mysql.com/doc/en/firewall.html.

Setup and Configuration

MySQL Workbench can manage the MySQL Enterprise Firewall installation and configuration by installing (or uninstalling) and enabling (or disabling) the plugin.

Note

Alternatively, you can manually install and enable MySQL Enterprise Firewall. For additional information, see Installing or Uninstalling MySQL Enterprise Firewall.

  • Enable: Executes SET GLOBAL mysql_firewall_mode = ON; against the connected MySQL server. Disable sets it to OFF instead of ON.

    This is a runtime operation. Configure the MySQL server configuration file to enable MySQL Enterprise Firewall at startup.

  • Install: Executes queries to install the new MySQL Enterprise Firewall tables and stored procedure needed to switch the state. Uninstall reverses these effects, which also removes the recorded rules.

Figure 6.42 MySQL Enterprise Firewall Installation and Configuration

MySQL Enterprise Firewall Installation and Configuration

Because clicking Enable Firewall from MySQL Workbench is a runtime operation, enabling the mysql_firewall_mode option in the configuration option will enable it after a restart. Manually edit the MySQL configuration file, or use MySQL Workbench to edit it.

Figure 6.43 Edit MySQL Enterprise Firewall Options Using Workbench

Edit MySQL Enterprise Firewall Options Using Workbench

Firewall Rules and Information

The Firewall Rules tab lists the active and recorded rules for a given user, the state of each rule, and includes options to add, delete, and save rules.

  • State (mode): Options include OFF (disables the firewall), PROTECTING (enables the whitelist), RECORDING (training mode), and RESET (removes the rules). For additional information about the meaning of these states, see MySQL Enterprise Firewall Procedures and Functions.

  • Administrative actions include Add and Delete for individual rules, and Clear to clear (remove) all rules. Add From File prompts for a firewall rules text file (defaults to the .fwr extension) that contains one rule per line, and Save To File saves the current rules.

  • Active rules are used in PROTECTIVE mode, and Rules being recorded are entries still being RECORDED. Switching from RECORDING to PROTECTING mode copies the recorded rules into the active rule subset.

Note

MySQL Workbench executes queries, gets variables, and performs a lot of checks. For this reason, MySQL Workbench is more useful as an administration tool for MySQL Enterprise Firewall than a tool to record rules. For example, RECORDING rules in MySQL Workbench will record the behind-the-scenes operations performed by MySQL Workbench for the MySQL user. Also, using MySQL Workbench by a MySQL user in PROTECTING mode will attempt to execute operations that a typical firewalled MySQL user might not have access to.

Figure 6.44 MySQL Enterprise Firewall Rules

MySQL Enterprise Firewall Rules


User Comments
Sign Up Login You must be logged in to post a comment.