MySQL Workbench provides a graphical interface to MySQL Enterprise Firewall. For additional information about MySQL Enterprise Firewall, see https://dev.mysql.com/doc/en/firewall.html.
MySQL Workbench can manage the MySQL Enterprise Firewall installation and configuration by installing (or uninstalling) and enabling (or disabling) the plugin, and enabling (or disabling) Firewall Tracer.
To prepare MySQL Enterprise Firewall plugin:
Open a connection to MySQL Enterprise Edition.
From the Navigator area of the sidebar and with the Administration secondary tab selected, click Firewall (see MYSQL ENTERPRISE) to open the Administration - Firewall secondary tab in the workspace.
If MySQL Enterprise Firewall is not installed, click Installed status, Enabled status, and Tracer status. The following figure shows the MySQL Enterprise Firewall installed, but not yet enabled within MySQL Workbench.. After the plugin is installed, MySQL Workbench displays three controls:
Clickto make the plugin fully operational, and optionally click to enable tracing. You can modify the plugin controls as follows:
Install: Executes queries to install the new MySQL Enterprise Firewall tables and stored procedure needed to switch the state. Uninstall reverses these effects, which also removes the recorded rules.
Enable: Executes SET GLOBAL mysql_firewall_mode = ON; against the connected MySQL server. Disable sets it to OFF instead of ON.
This is a runtime operation. Configure the MySQL server configuration file to enable MySQL Enterprise Firewall at startup. Specifically, select the
mysql_firewall_modeoption in the configuration option to enable it after a restart. You can edit the MySQL configuration file with an external editor or use MySQL Workbench to edit it.
The Firewall Rules tab lists the active and recorded rules for a given user, the state of each rule, and includes options to add, delete, and save rules. The next figure shows the actions available within the Firewall Rules tab.
State (mode): Options include OFF (disables the firewall), PROTECTING (enables the whitelist), RECORDING (training mode), and RESET (removes the rules). For additional information about the meaning of these states, see MySQL Enterprise Firewall Procedures and Functions.
Administrative actions includeand for individual rules, and to clear (remove) all rules. prompts for a firewall rules text file (defaults to the
.fwrextension) that contains one rule per line, and saves the current rules.
Active rules are used in PROTECTIVE mode, and Rules being recorded are entries still being RECORDED. Switching from RECORDING to PROTECTING mode copies the recorded rules into the active rule subset.
MySQL Workbench executes queries, gets variables, and performs a lot of checks. For this reason, MySQL Workbench is more useful as an administration tool for MySQL Enterprise Firewall than a tool to record rules. For example, RECORDING rules in MySQL Workbench will record the behind-the-scenes operations performed by MySQL Workbench for the MySQL user. Also, using MySQL Workbench by a MySQL user in PROTECTING mode will attempt to execute operations that a typical firewalled MySQL user might not have access to.