how to restrict inbound connection to mysql server to specified IP address by firewall setting

Herbert asked:

background purpose: I want to restrict inbound connection to MYSQL server only for specific host by setting inbound rules of windows firewall. I mean, I want to allow only specific host to connect to the MYSQL server.

In the windows firewall setting, this is what I saw by default:

enter image description here

both ports are opened. so, I blocked all the inbound connection to the port 33060 because I don’t expect inbound from X-Protocol:

enter image description here

Then, I tried to connect to the MYSQL server from my local pc and the connection succeeded. Next, I tried to restrict inbound connection to the port 3306 of the MYSQL server only to specified IP address:

at first, select Allow the connection if it is secure.
enter image description here

second, specified remote IP address by which I am connecting to this MYSQL server.
enter image description here

in the part of black out in the image above, I typed my global IP address(IPv4) of my local pc. I typed it in XX.XXX.XXX.XX format.
then I tested to connect to the MYSQL server from my local pc, but it didn’t get through.

I tested connection by Test-NetConnection in windows powershell. But, the connection to the port failed..

enter image description here

what am I wrong with?

I tested like the below, too.

I change setting like below:
Remote IP address to by Any IP address.

enter image description here

and left the setting below as it is:

Allow the connection if it is secure

enter image description here

then, try Test-NetConnection in windows powershell. but it doesn’t get through to the port..

My answer:


You need to change the setting to Allow this connection, not "Allow this connection if it is secure".

The latter setting will allow the connection only if it is protected via IPSec, which you almost certainly are not using and will never use.


View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.