The number of ports used by MySQL depends on features that are enabled, the components used, how applications connect, and other aspects of your environment.
From a security perspective, ports should only be opened as required to permit system components to communicate. Always practice the principle of least privilege when managing ports, which requires that users, processes, programs, and other system components only have access to information and resources that are required for their legitimate purpose.
How port access is managed depends on different aspects of your environment such as operating system capabilities, firewalls, security tools, use of virtual private networking (VPN), and so on. Some MySQL installation packages assist with port access configuration for core MySQL ports. For example, the MySQL Installer Server package for Windows adds access rules to the Windows firewall, and MySQL for Linux packages add access rules to SELinux or AppArmor. However, MySQL does not assist with less common, optional, or non-MySQL product ports. In these cases, ports must be opened manually with commands such as this one for SELinux:
shell> semanage port -a -t mysqld_port_t -p tcp <port_open_to_mysqld>