MySQL Workbench provides a graphical interface to MySQL Enterprise Firewall.
The MySQL Enterprise Firewall interface was added in MySQL Workbench 6.3.4.
For additional information about MySQL Enterprise Firewall, see https://dev.mysql.com/doc/en/firewall.html.
MySQL Workbench can manage the MySQL Enterprise Firewall installation and configuration by installing (or uninstalling) and enabling (or disabling) the plugin as follows:
Enable: Executes SET GLOBAL mysql_firewall_mode = ON; against the connected MySQL server. Disable sets it to OFF instead of ON.
This is a runtime operation. Configure the MySQL server configuration file to enable MySQL Enterprise Firewall at startup.
Install: Executes queries to install the new MySQL Enterprise Firewall tables and stored procedure needed to switch the state. Uninstall reverses these effects, which also removes the recorded rules.
Alternatively, you can manually install and enable MySQL Enterprise Firewall. For additional information, see Installing or Uninstalling MySQL Enterprise Firewall.
The following figure shows the first step to install and enable MySQL Enterprise Firewall from within MySQL Workbench.
mysql_firewall_mode option in the configuration
option will enable it after a restart (see the figure that
follows). You can edit the MySQL configuration file with an
external editor or use MySQL Workbench to edit it.
The Firewall Rules tab lists the active and recorded rules for a given user, the state of each rule, and includes options to add, delete, and save rules. The next figure shows the actions available within the Firewall Rules tab.
State (mode): Options include OFF (disables the firewall), PROTECTING (enables the whitelist), RECORDING (training mode), and RESET (removes the rules). For additional information about the meaning of these states, see MySQL Enterprise Firewall Procedures and Functions.
Administrative actions includeand for individual rules, and to clear (remove) all rules. prompts for a firewall rules text file (defaults to the
.fwrextension) that contains one rule per line, and saves the current rules.
Active rules are used in PROTECTIVE mode, and Rules being recorded are entries still being RECORDED. Switching from RECORDING to PROTECTING mode copies the recorded rules into the active rule subset.
MySQL Workbench executes queries, gets variables, and performs a lot of checks. For this reason, MySQL Workbench is more useful as an administration tool for MySQL Enterprise Firewall than a tool to record rules. For example, RECORDING rules in MySQL Workbench will record the behind-the-scenes operations performed by MySQL Workbench for the MySQL user. Also, using MySQL Workbench by a MySQL user in PROTECTING mode will attempt to execute operations that a typical firewalled MySQL user might not have access to.