Msyql configuration file my. in cnf, the option bind-address = 127.0.0.1 is used. That is to say, mysql server listens to local requests. If any host can be opened, it is written as 0.0.0.0, but this is not safe. Listen to an ip address and specify this ip address. However, make sure that mysql users allow this ip address to access the database. Otherwise, you cannot operate on the database. Can I specify only a few ip addresses in the configuration?
Simple and direct answer: Impossible
See: # option_mysqld_bind-address
The MySQL server listens on a single network socket for TCP/IP connections. this socket is bound to a single address, but it is possible for an address to map onto multiple network interfaces. the default address is 0.0.0.0. to specify an address explicitly, use? Bind-address = addr option at server startup, where addr is an IPv4 address or a host name. if addr is a host name, the server resolves the name to an IPv4 address and binds to that address. the server treats different types of addresses as follows:
If the address is 0.0.0.0, the server accepts TCP/IP connections on all server host IPv4 interfaces.
If the address is a "regular" IPv4 address (such as 127.0.0.1), the server accepts TCP/IP connections only for that particle IPv4 address.
However, with this requirement, access control is implemented. You can use the firewall iptables to achieve this effect.
Mysql-server is 192.168.1.3 and only 192.168.1.4, 192.168.1.5, and 192.168.1.6 are allowed to access port 3306.
In my. cnf
Bind-address = 0.0.0.0
In the host that accesses Port 3306, only 192.168.1.4-6 is allowed, and all other ip addresses are dropped.
/Sbin/iptables-a input-p tcp-s 192.168.1.4 -- dport 3306-j ACCEPT/sbin/iptables-a input-p tcp-s 192.168.1.5 -- dport 3306-j ACCEPT/sbin /iptables-a input-p tcp-s 192.168.1.6 -- dport 3306-j ACCEPT/sbin/iptables-a input-p tcp -- dport 3306-j DROP
Or
/Sbin/iptables-a input-p tcp -- dport 3306! -S 192.168.1.4-j DROP/sbin/iptables-a input-p tcp -- dport 3306! -S 192.168.1.5-j DROP/sbin/iptables-a input-p tcp -- dport 3306! -S 192.168.1.6-j DROP
Save firewall rules
Service iptables save
View rules that contain 3306 in the INPUT chain
Echo-e "target prot opt source destination \ n $ (iptables-l input-n | grep 3306 )"
In this way, mysql only allows access from specified ip addresses.
Summary
Although mysql does not directly bind multiple ip addresses for access, it can be implemented through the firewall iptables, which is also a good method.