Firewall Configuration

To make sure you can communicate with the server while preventing unauthorized access to additional ports, we will lock down the firewall. Note that we call out port 3306 as not recommended to allow through the firewall. In our demo, we have blocked access to this port and do not allow it through the firewall. All our connections to the database server will be made through the SSH ports or across the VPN tunnels that will be created.
Development Machine SSH Tunnel Configuration
sudo ufw deny 3306/tcp    # Highly recommended: block this port from external access. See the SSH Tunnel/VPN Configuration settings for proper MySQL access while connected to your machine via SSH/Webuser access.
sudo ufw allow 22/tcp
sudo ufw allow 443/tcp
sudo ufw allow 80/tcp
sudo ufw enable
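
To confirm the rule set stays as described, the `ufw status` output can be checked mechanically. This is an added example, not part of the original page; the names `audit_ufw_status`, `sample_good` and `sample_bad` and both sample outputs are constructed for illustration.

```shell
# Added example (not from the original page): audit `ufw status` text on stdin.
# Usage on a real host: sudo ufw status | audit_ufw_status
audit_ufw_status() {
    awk '
        /^Status:/ { active = ($2 == "active") }
        $1 ~ /^[0-9]+(\/tcp)?$/ {
            port = $1; sub(/\/tcp$/, "", port)
            act = ($2 == "(v6)") ? $3 : $2   # IPv6 rows carry an extra "(v6)" column
            if (act == "ALLOW") allowed[port] = 1
        }
        END {
            bad = 0
            if (!active) { print "FAIL: firewall is not active"; bad = 1 }
            if ("3306" in allowed) { print "FAIL: 3306/tcp (MySQL) is allowed"; bad = 1 }
            n = split("22 80 443", need, " ")
            for (i = 1; i <= n; i++)
                if (!(need[i] in allowed)) { print "FAIL: " need[i] "/tcp is not allowed"; bad = 1 }
            if (!bad) print "OK: policy matches"
            exit bad
        }'
}

# Constructed sample: status output after running the five commands above.
sample_good() {
    cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
3306/tcp                   DENY        Anywhere
22/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
3306/tcp (v6)              DENY        Anywhere (v6)
22/tcp (v6)                ALLOW       Anywhere (v6)
EOF
}

# Constructed sample: the IPv4 MySQL rule was later changed from DENY to ALLOW.
sample_bad() {
    sample_good | sed 's|^3306/tcp  *DENY|3306/tcp ALLOW|'
}

sample_good | audit_ufw_status          # prints the OK line, returns 0
sample_bad  | audit_ufw_status || true  # prints the MySQL finding, returns 1
```

The function returns non-zero on any finding, so it can gate a provisioning script or a scheduled check.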