Option in the My.cnf bind-address=127.0.0.1, is that the MySQL server listens for requests from the local, if is any host can request written as 0.0.0.0 but less secure. Listen on one IP, specify the IP address to, but this IP is allowed to keep the MySQL user has access, or the database operation cannot be. You can configure only a few IP in it?
Simple and direct answer: no
Please refer to: http://dev.MySQL.com/doc/refman/5.1/en/server-options.html#option_mysqld_bind-address
The MySQL server listens on a single network socket for TCP/IP connections. This socket is bound to a single address, but it is possible for an address to map onto multiple network interfaces. The default address is 0.0.0.0. To specify an address explicitly, use the –bind-address=addr option at server startup, where addr is an IPv4 address or a host name. If addr is a host name, the server resolves the name to an IPv4 address and binds to that address. The server treats different types of addresses as follows:
If the address is 0.0.0.0, the server accepts TCP/IP connections on all server host IPv4 interfaces.
If the address is a “regular” IPv4 address (such as 127.0.0.1), the server accepts TCP/IP connections only for that particular IPv4 address.
But there is such a need, to access control, use Firewall iptables can do this
MySQL-server is 192.168.1.3, allows only 192.168.1.4, 192.168.1.5, 192.168.1.6lai access to port 3306
In the My.cnf
bind-address = 0.0.0.0
During a visit to port 3306 on hosts, only 192.168.1.4-6 is allowed, other IP should DROP off
/sbin/iptables -A INPUT -p tcp -s 192.168.1.4 –dport 3306 -j ACCEPT
/sbin/iptables -A INPUT -p tcp -s 192.168.1.5 –dport 3306 -j ACCEPT
/sbin/iptables -A INPUT -p tcp -s 192.168.1.6 –dport 3306 -j ACCEPT
/sbin/iptables -A INPUT -p tcp –dport 3306 -j DROP
Or
/sbin/iptables -A INPUT -p tcp –dport 3306 ! -s 192.168.1.4 -j DROP
/sbin/iptables -A INPUT -p tcp –dport 3306 ! -s 192.168.1.5 -j DROP
/sbin/iptables -A INPUT -p tcp –dport 3306 ! -s 192.168.1.6 -j DROP
Saving firewall rules
service iptables save
View the INPUT chain rules that include 3306
echo -e “target prot opt source destination\n$(iptables -L INPUT -n | grep 3306)”
This implements MySQL only allows you to specify IP access.