MariaDB + PHPMyadmin - Good idea to allow a user from all IPs and use IPTable to block?
I have a MariaDB + PHPMyAdmin installed as a dedicated DB server and multiple front-ends to point to the same DB server. As such I would like to set up a DB user with no restriction in IP (i.e., the host field can be anything) and use IPTables to make sure only my frontend servers could access the MariaDB installation on the DB server.
My questions are:
Is this set up secure?
Does open up port 3306 would be enough?
If I do the following:
iptables -I INPUT -p tcp -m tcp -s MY FRONT END IP --dport 3306 -j ACCEPT
Would this block off the access for the PHPMyAdmin on my localhost? Do I have to add an entry for IP 127.0.0.1 as well?