方法1:
firewall-cmd --zone=public --permanent --add-port=3306/tcp
firewall-cmd --reload缺点:不是很安全,所有的ip向数据库的请求都会通过
方法2:
只为特定ip向3306端口发起的请求放行
[root@localhost ~]# firewall-cmd --zone=public --permanent --remove-port=3306/tcp
success
[root@localhost ~]# firewall-cmd --reload
success
[root@localhost ~]# firewall-cmd --permanent --zone=public --add-rich-rule="rule family="ipv4" source address="192.168.209.131" port protocol="tcp" port="3306" accept "
success
[root@localhost ~]# firewall-cmd --reload
success先移除之前的,然后reload