• Service:  MySQL
  • Port:  3306

Of course make sure that your MySQL or MariaDB version is supported.

Unless you absolutely have to have it open for remote MySQL access, keep port 3306 closed in the firewall.

If you've got the ConfigServer Firewall enabled on the server, you can add the remote MySQL access host in /etc/csf/csf.allow and that'll bypass any port blocking rules.  Which means you should be able to keep port 3306 closed in the firewall but whitelisted IPs should still be able to access.