Configuring MySQL Firewall Rule and CIDR Notation Explanation

How to Allow MySQL Access from a Specific IP Address (Windows)

To create a firewall rule on Windows that allows MySQL to be accessed only from a specific IP address, follow these steps:

Step 1: Open Windows Firewall

1. Press Win + R to open the Run dialog.
2. Type wf.msc and press Enter. This opens the Windows Defender Firewall with Advanced Security.

Step 2: Create an Inbound Rule for MySQL

1. In the left pane, click on Inbound Rules.
2. In the right pane, click New Rule....
3. In the New Inbound Rule Wizard:
   • Select Port and click Next.
   • Choose TCP.
   • In the Specific local ports field, enter 3306 (default MySQL port) and click Next.
   • Choose Allow the connection and click Next.
   • Select when the rule should apply (Domain, Private, Public) depending on your network configuration, then click Next.
   • Give the rule a name, like MySQL Remote IP Restriction, and click Finish.

Step 3: Restrict Access to Specific IP Address

1. Find the newly created rule in the list under Inbound Rules.
2. Right-click the rule and choose Properties.
3. In the Properties window, go to the Scope tab.
4. Under Remote IP address:
   • Select These IP addresses.
   • Click Add... and enter the specific IP address you want to allow access to (e.g., 203.0.113.45).
   • Click OK.
5. Optionally, you can also restrict the Local IP address field to further tighten security (leave as Any IP address unless you're sure of the configuration).
6. Click OK to apply the changes.

Step 4: Test the Firewall Rule

Test the MySQL connection from the allowed IP address by trying to connect to the MySQL server from a client located at that IP. Attempts to connect from any other IP should fail.

CIDR Notation Explanation

CIDR (Classless Inter-Domain Routing) notation can use any number between /0 and /32 for IPv4 addresses. The number after the slash (/n) represents the number of bits that are "fixed" (used for the network portion of the address). The remaining bits are used for host addresses (devices or individual IPs within that network).

Common CIDR Values and Their Ranges

• /8:
  • 8 fixed bits, 24 host bits.
  • Range: xxx.0.0.0 to xxx.255.255.255.
  • Total IPs: 16,777,216.
• /16:
  • 16 fixed bits, 16 host bits.
  • Range: xxx.xxx.0.0 to xxx.xxx.255.255.
  • Total IPs: 65,536.
• /24:
  • 24 fixed bits, 8 host bits.
  • Range: xxx.xxx.xxx.0 to xxx.xxx.xxx.255.
  • Total IPs: 256.
• /32:
  • 32 fixed bits, 0 host bits.
  • Range: A single IP address.
  • Total IPs: 1 (a specific IP).

In-Between CIDR Notations

• /9: 9 network bits, 23 host bits. Range: xxx.xxx.xxx.xxx to xxx.127.255.255. Total IPs: 8,388,608.
• /17: 17 network bits, 15 host bits. Range: xxx.xxx.128.0 to xxx.xxx.255.255. Total IPs: 32,768.
• /28: 28 network bits, 4 host bits. Range: xxx.xxx.xxx.240 to xxx.xxx.xxx.255. Total IPs: 16.

Choosing CIDR Based on Use

If you need a large range, use a lower /n, like /16 or /17, where more IPs can vary. If you need only a small range of IPs, use a higher /n, like /24 or /28, to limit the range.

This combined guide explains how to set up MySQL firewall rules on Windows and gives an overview of CIDR notation for controlling IP address ranges.