6.4.7.1 MySQL Enterprise Firewall Components

A server-side plugin named MYSQL_FIREWALL examines SQL statements before they execute and, based on its in-memory cache, renders a decision whether to execute or reject each statement.

Server-side plugins named MYSQL_FIREWALL_USERS and MYSQL_FIREWALL_WHITELIST implement INFORMATION_SCHEMA tables that provide views into the firewall data cache.

System tables named firewall_users and firewall_whitelist in the mysql database provide persistent storage of firewall data.

Stored procedures named sp_set_firewall_mode() and sp_reload_firewall_rules() perform tasks such as registering MySQL accounts with the firewall, establishing their operational mode, and managing transfer of firewall data between the cache and the underlying system tables.

A set of user-defined functions provides an SQL-level API for lower-level tasks such as synchronizing the cache with the underlying system tables.

System variables enable firewall configuration and status variables provide runtime operational information.

FIREWALL_ADMIN and FIREWALL_USER privileges enable users to administer firewall rules for any user, and their own firewall rules, respectively.