Firewall

Overview

SkySQL services are firewall-protected.

Access to MariaDB SkySQL services is managed on a per-service basis.

IPv4 addresses and IPv4 netblocks can be added to the allowlist to enable service access. Access from other addresses will be blocked.

Compatibility

  • Enterprise Server Single Node

  • Enterprise Server With Replica(s)

  • Xpand Distributed SQL

  • ColumnStore Data Warehouse

  • Serverless Analytics

Default

By default, when a service is launched its allowlist is empty. All external traffic to the service is blocked.

Access to Firewall Configuration

To access the Firewall settings interface:

  1. Log in to the Unified Portal.

  2. Click the "Settings" link in the main menu (left navigation in the Unified Portal).

  3. Click the "Firewall" button.

Firewall settings.
https://skysql.mariadb.com/settings/firewall

Alternatively, you can access firewall settings for a specific service by clicking the "MANAGE" button for the desired service, then choosing "Security Access" from the menu.

Whitelist dialog.
https://skysql.mariadb.com/dashboard

Add to the Allowlist

IP addresses can be added to the allowlist from the Firewall settings interface or a service's Security Access interface:

  1. Enter an IPv4 address or IPv4 netblock.

  2. Optionally enter an alias for this address. An alias provides a way to remember why an address was added to the allowlist.

  3. Click the "Save" button.

After saving the change, a notification will be provided when the change has been applied.
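
Before typing entries into the form, it can help to check them offline. The following is an added example, not SkySQL code or part of the original page: it validates candidate entries, flags overly broad netblocks, and models the default-deny behavior described above. The function names, the /16 review threshold, CIDR notation for netblocks, and treating IPv6 as unusable (the page lists only IPv4) are assumptions.

```python
import ipaddress

# Assumed review threshold (illustrative, not a SkySQL limit): wider than /16.
BROAD_PREFIX = 16


def review_entry(text):
    """Return (network, warnings) for one candidate entry; ValueError if unusable."""
    try:
        iface = ipaddress.ip_interface(text.strip())
    except ValueError:
        raise ValueError(f"{text!r} is not an IP address or netblock") from None
    if iface.version != 4:
        raise ValueError(f"{text!r} is not IPv4")
    net, warnings = iface.network, []
    if iface.ip != net.network_address:
        warnings.append(f"host bits set; the netblock is {net}")
    if net.prefixlen == 0:
        warnings.append("matches every IPv4 address")
    elif net.prefixlen < BROAD_PREFIX:
        warnings.append(f"broad netblock ({net.num_addresses} addresses)")
    return net, warnings


def build_allowlist(entries):
    """Validate entries; return (networks, report) with notes per entry."""
    networks, report = [], {}
    for text in entries:
        try:
            net, warnings = review_entry(text)
        except ValueError as exc:
            report[text] = [f"rejected: {exc}"]
            continue
        networks.append(net)
        report[text] = warnings
    return networks, report


def is_allowed(client_ip, allowlist):
    """Default deny: an empty allowlist blocks every client."""
    addr = ipaddress.ip_address(client_ip)
    return addr.version == 4 and any(addr in net for net in allowlist)


if __name__ == "__main__":
    # Constructed sample entries (documentation ranges), not real SkySQL data.
    nets, report = build_allowlist(["198.51.100.7", "203.0.113.9/24", "0.0.0.0/0", "2001:db8::1"])
    for entry, notes in report.items():
        print(entry, "->", notes or "ok")
```

An entry such as 0.0.0.0/0 is syntactically valid but defeats the purpose of the allowlist, which is why the check reports it instead of accepting it silently.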

Remove from the Allowlist

IP addresses can be removed from the allowlist from the Firewall settings interface or a service's Security Access interface:

  1. Click the "X" button to the right of the entry to remove.

  2. Click the "Save" button.

After saving the change, a notification will be provided when the change has been applied.

Edit an Allowlist Entry

An allowlist entry can be edited from the Firewall settings interface or a service's Security Access interface:

  1. Modify the IP address or alias of the desired allowlist entry.

  2. Click the "Save" button.

After saving the change, a notification will be provided when the change has been applied.