web服务器 10.0.0.100
MySQL服务器
10.0.0.200
[timo@localhost /]# firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="10.0.0.100" port protocol="tcp" port="3306" accept"
[timo@localhost /]# firewall-cmd --reload
> grant all privileges on *.* to root@10.0.0.100 identified by '123456';
> flush privileges;