MySQL Enterprise Firewall installation is a one-time operation that installs the components described in Section 126.96.36.199, “MySQL Enterprise Firewall Components”. Installation can be performed using a graphical interface or manually:
On Windows, MySQL Installer includes an option to enable MySQL Enterprise Firewall for you.
MySQL Workbench 6.3.4 or higher can install MySQL Enterprise Firewall, enable or disable an installed firewall, or uninstall the firewall.
Manual MySQL Enterprise Firewall installation involves running a script located in the
sharedirectory of your MySQL installation.
Read this entire section before following its instructions. Parts of the procedure differ depending on your environment.
If installed, MySQL Enterprise Firewall involves some minimal overhead even when disabled. To avoid this overhead, do not install the firewall unless you plan to use it.
MySQL Enterprise Firewall does not work together with the query cache. If the query cache is enabled, disable it before installing the firewall (see Query Cache Configuration).
For usage instructions, see Section 188.8.131.52, “Using MySQL Enterprise Firewall”. For reference information, see Section 184.108.40.206, “MySQL Enterprise Firewall Reference”.
If MySQL Enterprise Firewall is already installed from an older version of MySQL, uninstall it using the instructions given later in this section and then restart your server before installing the current version. In this case, it is also necessary to register your configuration again.
On Windows, you can use MySQL Installer to install MySQL Enterprise Firewall, as shown in Figure 6.2, “MySQL Enterprise Firewall Installation on Windows”. Check the Enable MySQL Enterprise Firewall check box. (Open Firewall port for network access has a different purpose. It refers to Windows Firewall and controls whether Windows blocks the TCP/IP port on which the MySQL server listens for client connections.)
There is an issue for MySQL 8.0.19 installed using MySQL Installer that prevents the server from starting if MySQL Enterprise Firewall is selected during the server configuration steps. If the server startup operation fails, clickto end the configuration process and return to the dashboard. You must uninstall the server.
The workaround is to run MySQL Installer without MySQL Enterprise Firewall selected. (That is, do not select the Enable MySQL Enterprise Firewall check box.) Then install MySQL Enterprise Firewall afterward using the instructions for manual installation later in this section. This problem is corrected in MySQL 8.0.20.
To install MySQL Enterprise Firewall using MySQL Workbench 6.3.4 or higher, see MySQL Enterprise Firewall Interface.
To install MySQL Enterprise Firewall manually, look in the
share directory of your MySQL
installation and choose the script that is appropriate for
your platform. The available scripts differ in the suffix used
to refer to the plugin library file:
win_install_firewall.sql: Choose this script for Windows systems that use
.dllas the file name suffix.
linux_install_firewall.sql: Choose this script for Linux and similar systems that use
.soas the file name suffix.
The installation script creates stored procedures in the
default database, so choose a database to use. Then run the
script as follows, naming the chosen database on the command
line. The example here uses the
database and the Linux installation script. Make the
appropriate substitutions for your system.
shell> mysql -u root -p mysql < linux_install_firewall.sql Enter password: (enter root password here)
To use MySQL Enterprise Firewall in the context of master/slave replication,
Group Replication, or InnoDB cluster, you must prepare the
slave or secondary nodes prior to running the installation
script on the master or primary node. This is necessary
statements in the script are not replicated.
On each slave or secondary node, extract the
INSTALL PLUGINstatements from the installation script and execute them manually.
On the master or primary node, run the installation script as described previously.
Installing MySQL Enterprise Firewall either using a graphical interface or manually should enable the firewall. To verify that, connect to the server and execute this statement:
mysql> SHOW GLOBAL VARIABLES LIKE 'mysql_firewall_mode'; +---------------------+-------+ | Variable_name | Value | +---------------------+-------+ | mysql_firewall_mode | ON | +---------------------+-------+
If the plugin fails to initialize, check the server error log for diagnostic messages.
MySQL Enterprise Firewall can be uninstalled using MySQL Workbench or manually.
To uninstall MySQL Enterprise Firewall using MySQL Workbench 6.3.4 or higher, see MySQL Enterprise Firewall Interface.
To uninstall MySQL Enterprise Firewall manually, execute the following
statements. It is assumed that the stored procedures were
created in the
mysql database. Adjust the
DROP PROCEDURE statements
appropriately if the procedures were created in a different
DROP TABLE mysql.firewall_whitelist; DROP TABLE mysql.firewall_users; UNINSTALL PLUGIN mysql_firewall; UNINSTALL PLUGIN mysql_firewall_whitelist; UNINSTALL PLUGIN mysql_firewall_users; DROP FUNCTION set_firewall_mode; DROP FUNCTION normalize_statement; DROP FUNCTION read_firewall_whitelist; DROP FUNCTION read_firewall_users; DROP FUNCTION mysql_firewall_flush_status; DROP PROCEDURE mysql.sp_set_firewall_mode; DROP PROCEDURE mysql.sp_reload_firewall_rules;