I have a Linux box on my home network, and I want to remotely access mysql on this machine from my home network without opening it up to the world. You apparently can't do this with mysql because the bind address and grants don't allow wildcards in IP addresses (correct me if I'm wrong).
So I am trying to configure ufw to allow access from (only) my home network. From what I've read, you can't have default deny incoming and just add an exception to that. So I have tried to configure ufw like so (status output):
    Status: active

    To                         Action      From
    --                         ------      ----
    1:19/tcp                   DENY        Anywhere
    1:19/udp                   DENY        Anywhere
    22:52/udp                  DENY        Anywhere
    22:52/tcp                  DENY        Anywhere
    54:79/tcp                  DENY        Anywhere
    54:79/udp                  DENY        Anywhere
    81:122/udp                 DENY        Anywhere
    81:122/tcp                 DENY        Anywhere
    124:442/tcp                DENY        Anywhere
    124:442/udp                DENY        Anywhere
    444:65535/udp              DENY        Anywhere
    444:65535/tcp              DENY        Anywhere
    Anywhere                   ALLOW       192.168.1.0/24 3306/tcp
    Anywhere                   ALLOW       192.168.1.0/24
    1:19/tcp (v6)              DENY        Anywhere (v6)
    1:19/udp (v6)              DENY        Anywhere (v6)
    22:52/udp (v6)             DENY        Anywhere (v6)
    22:52/tcp (v6)             DENY        Anywhere (v6)
    54:79/tcp (v6)             DENY        Anywhere (v6)
    54:79/udp (v6)             DENY        Anywhere (v6)
    81:122/udp (v6)            DENY        Anywhere (v6)
    81:122/tcp (v6)            DENY        Anywhere (v6)
    124:442/tcp (v6)           DENY        Anywhere (v6)
    124:442/udp (v6)           DENY        Anywhere (v6)
    444:65535/udp (v6)         DENY        Anywhere (v6)
    444:65535/tcp (v6)         DENY        Anywhere (v6)

The first allow was created with Gufw, but it didn't work, so I tried adding the second one from the command line without any port specs. Anyway, neither one works to permit remote mysql access (which works with ufw disabled, btw). Can someone tell me how to fix this?
Update/Solution:
Based on a post here and the ufw docs I got it to work. I got rid of all the rules I had and used the ufw command line client:

    sudo ufw default deny
    sudo ufw allow http
    sudo ufw allow https
    sudo ufw allow from 192.168.1.0/24 to any port 3306
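
Editor's added example (not part of the original post, and not ufw's own code): a small model of ufw's documented first-match rule ordering, applied to the two rule sets above, showing why the ALLOW rules listed after the DENY ranges never took effect while the final rule set works. The client addresses, the default-allow policy for the first rule set, and treating `http`/`https` as TCP 80/443 are assumptions.

```python
import ipaddress

ANY = "0.0.0.0/0"

def deny_ranges(ranges):
    # One DENY per port range and protocol, from any source.
    return [("DENY", proto, r, ANY) for r in ranges for proto in ("tcp", "udp")]

# IPv4 rules from the posted status output. Only the broader of the two
# ALLOW rules (any port from the home subnet) is modelled; it comes last.
ORIGINAL = deny_ranges([(1, 19), (22, 52), (54, 79), (81, 122),
                        (124, 442), (444, 65535)]) + [
    ("ALLOW", "any", (1, 65535), "192.168.1.0/24"),
]

# Rules from the Update/Solution commands, used with `ufw default deny`.
# http/https are modelled as TCP 80 and 443 (assumption).
FIXED = [
    ("ALLOW", "tcp", (80, 80), ANY),
    ("ALLOW", "tcp", (443, 443), ANY),
    ("ALLOW", "any", (3306, 3306), "192.168.1.0/24"),
]

def verdict(rules, default, src, proto, dport):
    """Return (action, rule) for the first matching rule.

    Rules are checked in listed order and the first match wins. If none
    matches, the default incoming policy applies and rule is None.
    """
    addr = ipaddress.ip_address(src)
    for rule in rules:
        action, rproto, (low, high), net = rule
        if rproto not in ("any", proto):
            continue
        if not low <= dport <= high:
            continue
        if addr in ipaddress.ip_network(net):
            return action, rule
    return default, None

if __name__ == "__main__":
    lan, wan = "192.168.1.50", "203.0.113.7"  # constructed sample clients
    # Default policy of the original setup is not stated; ALLOW is assumed.
    print("original, LAN -> 3306:", verdict(ORIGINAL, "ALLOW", lan, "tcp", 3306))
    print("fixed,    LAN -> 3306:", verdict(FIXED, "DENY", lan, "tcp", 3306))
    print("fixed,    WAN -> 3306:", verdict(FIXED, "DENY", wan, "tcp", 3306))
    print("fixed,    WAN -> 80:  ", verdict(FIXED, "DENY", wan, "tcp", 80))
```

On a live system, `sudo ufw status numbered` shows the order in which rules are evaluated.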