From 80e92b144dec764f7ca578afdde97b7c877c79b7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ren=C3=A9=20Canna=C3=B2?= Date: Mon, 18 Nov 2019 12:37:04 +1100 Subject: [PATCH] [WIP] Second commit for mysql firewall whitelist Improved also compiling time --- include/cpp.h | 8 +- include/proxysql_admin.h | 5 + include/proxysql_structs.h | 5 + include/query_processor.h | 3 + lib/MySQL_HostGroups_Manager.cpp | 2 + lib/MySQL_Logger.cpp | 2 + lib/MySQL_PreparedStatement.cpp | 2 + lib/MySQL_Protocol.cpp | 2 + lib/MySQL_Session.cpp | 2 + lib/MySQL_Thread.cpp | 2 + lib/ProxySQL_Admin.cpp | 200 +++++++++++++++++++++++++++++-- lib/ProxySQL_Cluster.cpp | 2 + lib/ProxySQL_HTTP_Server.cpp | 2 + lib/ProxySQL_Statistics.cpp | 2 + lib/Query_Processor.cpp | 7 ++ lib/mysql_connection.cpp | 2 + lib/mysql_data_stream.cpp | 2 + src/main.cpp | 3 + 18 files changed, 242 insertions(+), 11 deletions(-) diff --git a/include/cpp.h b/include/cpp.h index 65ecc14c8b..cb0feb4982 100644 --- a/include/cpp.h +++ b/include/cpp.h @@ -24,10 +24,10 @@ #endif /* PROXYSQLCLICKHOUSE */ #include "MySQL_HostGroups_Manager.h" #include "MySQL_Logger.hpp" -#include "MySQL_PreparedStatement.h" -#include "ProxySQL_Cluster.hpp" // cluster -#include "ProxySQL_Statistics.hpp" // statistics -#include "ProxySQL_HTTP_Server.hpp" // HTTP server +//#include "MySQL_PreparedStatement.h" +//#include "ProxySQL_Cluster.hpp" // cluster +//#include "ProxySQL_Statistics.hpp" // statistics +//#include "ProxySQL_HTTP_Server.hpp" // HTTP server #undef swap #undef min #undef max diff --git a/include/proxysql_admin.h b/include/proxysql_admin.h index 116591188a..bd8d221a06 100644 --- a/include/proxysql_admin.h +++ b/include/proxysql_admin.h @@ -205,6 +205,7 @@ class ProxySQL_Admin { void init_users(); void init_mysql_servers(); void init_mysql_query_rules(); + void init_mysql_firewall(); void init_proxysql_servers(); void save_mysql_users_runtime_to_database(bool _runtime); void save_mysql_servers_runtime_to_database(bool); 
@@ -222,11 +223,15 @@ class ProxySQL_Admin { void flush_mysql_servers__from_disk_to_memory(); void flush_mysql_query_rules__from_memory_to_disk(); void flush_mysql_query_rules__from_disk_to_memory(); + void flush_mysql_firewall__from_memory_to_disk(); + void flush_mysql_firewall__from_disk_to_memory(); void load_mysql_servers_to_runtime(); void save_mysql_servers_from_runtime(); char * load_mysql_query_rules_to_runtime(); void save_mysql_query_rules_from_runtime(bool); void save_mysql_query_rules_fast_routing_from_runtime(bool); + char * load_mysql_firewall_to_runtime(); + void save_mysql_firewall_from_runtime(bool); void load_scheduler_to_runtime(); void save_scheduler_runtime_to_database(bool); diff --git a/include/proxysql_structs.h b/include/proxysql_structs.h index 67cdcb6b30..b53d193bce 100644 --- a/include/proxysql_structs.h +++ b/include/proxysql_structs.h @@ -387,6 +387,11 @@ class SQLite3_result; class stmt_execute_metadata_t; class MySQL_STMTs_meta; class MySQL_HostGroups_Manager; +class ProxySQL_HTTP_Server; +class MySQL_STMTs_local_v14; +class MySQL_STMT_Global_info; +class StmtLongDataHandler; +class ProxySQL_Cluster; #endif /* PROXYSQL_CLASSES */ //#endif /* __cplusplus */ diff --git a/include/query_processor.h b/include/query_processor.h index ffaf73ec29..36c1c2a0d2 100644 --- a/include/query_processor.h +++ b/include/query_processor.h @@ -328,6 +328,9 @@ class Query_Processor { void load_fast_routing(SQLite3_result *resultset); SQLite3_result * get_current_query_rules_fast_routing(); int testing___find_HG_in_mysql_query_rules_fast_routing(char *username, char *schemaname, int flagIN); + + // firewall + void load_mysql_firewall(SQLite3_result *u, SQLite3_result *r); }; typedef Query_Processor * create_Query_Processor_t(); diff --git a/lib/MySQL_HostGroups_Manager.cpp b/lib/MySQL_HostGroups_Manager.cpp index bf318b5327..357805e76f 100644 --- a/lib/MySQL_HostGroups_Manager.cpp +++ b/lib/MySQL_HostGroups_Manager.cpp 
@@ -2,6 +2,8 @@ #include "cpp.h" #include "SpookyV2.h" +#include "MySQL_PreparedStatement.h" + #define char_malloc (char *)malloc #define itostr(__s, __i) { __s=char_malloc(32); sprintf(__s, "%lld", __i); } diff --git a/lib/MySQL_Logger.cpp b/lib/MySQL_Logger.cpp index 73ec7c09cd..ec52faf78b 100644 --- a/lib/MySQL_Logger.cpp +++ b/lib/MySQL_Logger.cpp @@ -1,6 +1,8 @@ #include #include "proxysql.h" #include "cpp.h" +#include "MySQL_PreparedStatement.h" + #include #include diff --git a/lib/MySQL_PreparedStatement.cpp b/lib/MySQL_PreparedStatement.cpp index fc6f9a8dc8..14a906c318 100644 --- a/lib/MySQL_PreparedStatement.cpp +++ b/lib/MySQL_PreparedStatement.cpp @@ -3,6 +3,8 @@ #include "SpookyV2.h" +#include "MySQL_PreparedStatement.h" + //extern MySQL_STMT_Manager *GloMyStmt; //static uint32_t add_prepared_statement_calls = 0; //static uint32_t find_prepared_statement_by_hash_calls = 0; diff --git a/lib/MySQL_Protocol.cpp b/lib/MySQL_Protocol.cpp index 3c787b4706..09276569b8 100644 --- a/lib/MySQL_Protocol.cpp +++ b/lib/MySQL_Protocol.cpp @@ -2,6 +2,8 @@ #include "proxysql.h" #include "cpp.h" +#include "MySQL_PreparedStatement.h" + extern MySQL_Authentication *GloMyAuth; extern MySQL_LDAP_Authentication *GloMyLdapAuth; extern MySQL_Threads_Handler *GloMTH; diff --git a/lib/MySQL_Session.cpp b/lib/MySQL_Session.cpp index 6474db6a22..f466bf1256 100644 --- a/lib/MySQL_Session.cpp +++ b/lib/MySQL_Session.cpp @@ -5,6 +5,8 @@ #include "SpookyV2.h" #include "set_parser.h" +#include "MySQL_PreparedStatement.h" + #define SELECT_VERSION_COMMENT "select @@version_comment limit 1" #define SELECT_VERSION_COMMENT_LEN 32 #define PROXYSQL_VERSION_COMMENT "\x01\x00\x00\x01\x01\x27\x00\x00\x02\x03\x64\x65\x66\x00\x00\x00\x11\x40\x40\x76\x65\x72\x73\x69\x6f\x6e\x5f\x63\x6f\x6d\x6d\x65\x6e\x74\x00\x0c\x21\x00\x18\x00\x00\x00\xfd\x00\x00\x1f\x00\x00\x05\x00\x00\x03\xfe\x00\x00\x02\x00\x0b\x00\x00\x04\x0a(ProxySQL)\x05\x00\x00\x05\xfe\x00\x00\x02\x00" 
diff --git a/lib/MySQL_Thread.cpp b/lib/MySQL_Thread.cpp index 4618dc42f3..7c43ea3f75 100644 --- a/lib/MySQL_Thread.cpp +++ b/lib/MySQL_Thread.cpp @@ -9,6 +9,8 @@ #include "re2/re2.h" #include "re2/regexp.h" +#include "MySQL_PreparedStatement.h" + #ifdef DEBUG MySQL_Session *sess_stopat; #endif diff --git a/lib/ProxySQL_Admin.cpp b/lib/ProxySQL_Admin.cpp index 7eaa5c8183..6bacd19049 100644 --- a/lib/ProxySQL_Admin.cpp +++ b/lib/ProxySQL_Admin.cpp @@ -5,6 +5,10 @@ #include "re2/regexp.h" #include "proxysql.h" #include "cpp.h" +#include "ProxySQL_HTTP_Server.hpp" // HTTP server +#include "MySQL_PreparedStatement.h" +#include "ProxySQL_Cluster.hpp" +#include "ProxySQL_Statistics.hpp" #include #include 
@@ -319,11 +323,17 @@ static int http_handler(void *cls, struct MHD_Connection *connection, const char #define ADMIN_SQLITE_TABLE_SCHEDULER_V1_2_2c "CREATE TABLE scheduler (id INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL , active INT CHECK (active IN (0,1)) NOT NULL DEFAULT 1 , interval_ms INTEGER CHECK (interval_ms>=100 AND interval_ms<=100000000) NOT NULL , filename VARCHAR NOT NULL , arg1 VARCHAR , arg2 VARCHAR , arg3 VARCHAR , arg4 VARCHAR , arg5 VARCHAR , comment VARCHAR NOT NULL DEFAULT '')" -#define ADMIN_SQLITE_TABLE_MYSQL_FIREWALL_WHITELIST_v209 "CREATE TABLE mysql_firewall_whitelist (username VARCHAR NOT NULL , client_address VARCHAR NOT NULL , schemaname VARCHAR NOT NULL , flagIN INT NOT NULL DEFAULT 0 , digest VARCHAR NOT NULL , comment VARCHAR NOT NULL , PRIMARY KEY (username, client_address , schemaname , flagIN , digest) )" +#define ADMIN_SQLITE_TABLE_MYSQL_FIREWALL_WHITELIST_USERS_v209 "CREATE TABLE mysql_firewall_whitelist_users (username VARCHAR NOT NULL , client_address VARCHAR NOT NULL , comment VARCHAR NOT NULL , PRIMARY KEY (username, client_address) )" -#define ADMIN_SQLITE_TABLE_MYSQL_FIREWALL_WHITELIST ADMIN_SQLITE_TABLE_MYSQL_FIREWALL_WHITELIST_v209 +#define ADMIN_SQLITE_TABLE_MYSQL_FIREWALL_WHITELIST_USERS ADMIN_SQLITE_TABLE_MYSQL_FIREWALL_WHITELIST_USERS_v209 -#define ADMIN_SQLITE_TABLE_RUNTIME_MYSQL_FIREWALL_WHITELIST "CREATE TABLE runtime_mysql_firewall_whitelist (username VARCHAR NOT NULL , client_address VARCHAR NOT NULL , schemaname VARCHAR NOT NULL , flagIN INT NOT NULL DEFAULT 0 , digest VARCHAR NOT NULL , comment VARCHAR NOT NULL , PRIMARY KEY (username, client_address , schemaname , flagIN , digest) )" +#define ADMIN_SQLITE_TABLE_MYSQL_FIREWALL_WHITELIST_RULES_v209 "CREATE TABLE mysql_firewall_whitelist_rules (username VARCHAR NOT NULL , client_address VARCHAR NOT NULL , schemaname VARCHAR NOT NULL , flagIN INT NOT NULL DEFAULT 0 , digest VARCHAR NOT NULL , comment VARCHAR NOT NULL , PRIMARY KEY (username, client_address , 
schemaname , flagIN , digest) )" + +#define ADMIN_SQLITE_TABLE_MYSQL_FIREWALL_WHITELIST_RULES ADMIN_SQLITE_TABLE_MYSQL_FIREWALL_WHITELIST_RULES_v209 + +#define ADMIN_SQLITE_TABLE_RUNTIME_MYSQL_FIREWALL_WHITELIST_USERS "CREATE TABLE runtime_mysql_firewall_whitelist_users (username VARCHAR NOT NULL , client_address VARCHAR NOT NULL , comment VARCHAR NOT NULL , PRIMARY KEY (username, client_address) )" + +#define ADMIN_SQLITE_TABLE_RUNTIME_MYSQL_FIREWALL_WHITELIST_RULES "CREATE TABLE runtime_mysql_firewall_whitelist_rules (username VARCHAR NOT NULL , client_address VARCHAR NOT NULL , schemaname VARCHAR NOT NULL , flagIN INT NOT NULL DEFAULT 0 , digest VARCHAR NOT NULL , comment VARCHAR NOT NULL , PRIMARY KEY (username, client_address , schemaname , flagIN , digest) )" #define ADMIN_SQLITE_TABLE_RUNTIME_MYSQL_SERVERS "CREATE TABLE runtime_mysql_servers (hostgroup_id INT CHECK (hostgroup_id>=0) NOT NULL DEFAULT 0 , hostname VARCHAR NOT NULL , port INT CHECK (port >= 0 AND port <= 65535) NOT NULL DEFAULT 3306 , gtid_port INT CHECK (gtid_port <> port AND gtid_port >= 0 AND gtid_port <= 65535) NOT NULL DEFAULT 0 , status VARCHAR CHECK (UPPER(status) IN ('ONLINE','SHUNNED','OFFLINE_SOFT', 'OFFLINE_HARD')) NOT NULL DEFAULT 'ONLINE' , weight INT CHECK (weight >= 0 AND weight <=10000000) NOT NULL DEFAULT 1 , compression INT CHECK (compression IN(0,1)) NOT NULL DEFAULT 0 , max_connections INT CHECK (max_connections >=0) NOT NULL DEFAULT 1000 , max_replication_lag INT CHECK (max_replication_lag >= 0 AND max_replication_lag <= 126144000) NOT NULL DEFAULT 0 , use_ssl INT CHECK (use_ssl IN(0,1)) NOT NULL DEFAULT 0 , max_latency_ms INT UNSIGNED CHECK (max_latency_ms>=0) NOT NULL DEFAULT 0 , comment VARCHAR NOT NULL DEFAULT '' , PRIMARY KEY (hostgroup_id, hostname, port) )" 
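Review bot: The `comment` column in all four new `mysql_firewall_whitelist_*` definitions is `VARCHAR NOT NULL` with no default, whereas the `scheduler` and `runtime_mysql_servers` definitions visible in this same hunk use `comment VARCHAR NOT NULL DEFAULT ''`. As written, an INSERT that omits `comment` is rejected, which makes maintaining whitelist entries by hand more error-prone than for the neighbouring tables. Consider `comment VARCHAR NOT NULL DEFAULT ''` in the users and rules tables and their runtime counterparts.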
@@ -2119,6 +2129,105 @@ bool admin_handler_command_load_or_save(char *query_no_space, unsigned int query } + if ((query_no_space_length>23) && ( (!strncasecmp("SAVE MYSQL FIREWALL ", query_no_space, 23)) || (!strncasecmp("LOAD MYSQL FIREWALL ", query_no_space, 23))) ) { + + if ( + (query_no_space_length==strlen("LOAD MYSQL FIREWALL TO MEMORY") && !strncasecmp("LOAD MYSQL FIREWALL TO MEMORY",query_no_space, query_no_space_length)) + || + (query_no_space_length==strlen("LOAD MYSQL FIREWALL TO MEM") && !strncasecmp("LOAD MYSQL FIREWALL TO MEM",query_no_space, query_no_space_length)) + || + (query_no_space_length==strlen("LOAD MYSQL FIREWALL FROM DISK") && !strncasecmp("LOAD MYSQL FIREWALL FROM DISK",query_no_space, query_no_space_length)) + ) { + proxy_info("Received %s command\n", query_no_space); + ProxySQL_Admin *SPA=(ProxySQL_Admin *)pa; + SPA->flush_mysql_firewall__from_disk_to_memory(); + proxy_debug(PROXY_DEBUG_ADMIN, 4, "Loaded mysql query rules to MEMORY\n"); + SPA->send_MySQL_OK(&sess->client_myds->myprot, NULL); + return false; + } + + if ( + (query_no_space_length==strlen("LOAD MYSQL FIREWALL FROM CONFIG") && !strncasecmp("LOAD MYSQL FIREWALL FROM CONFIG",query_no_space, query_no_space_length)) + ) { + proxy_info("Received %s command\n", query_no_space); + if (GloVars.configfile_open) { + proxy_debug(PROXY_DEBUG_ADMIN, 4, "Loading from file %s\n", GloVars.config_file); + if (GloVars.confFile->OpenFile(NULL)==true) { + ProxySQL_Admin *SPA=(ProxySQL_Admin *)pa; + int rows=0; + rows=SPA->Read_MySQL_Query_Rules_from_configfile(); + proxy_debug(PROXY_DEBUG_ADMIN, 4, "Loaded mysql query rules from CONFIG\n"); + SPA->send_MySQL_OK(&sess->client_myds->myprot, NULL, rows); + GloVars.confFile->CloseFile(); + } else { + proxy_debug(PROXY_DEBUG_ADMIN, 4, "Unable to open or parse config file %s\n", GloVars.config_file); + char *s=(char *)"Unable to open or parse config file %s"; + char *m=(char *)malloc(strlen(s)+strlen(GloVars.config_file)+1); + 
sprintf(m,s,GloVars.config_file); + SPA->send_MySQL_ERR(&sess->client_myds->myprot, m); + free(m); + } + } else { + proxy_debug(PROXY_DEBUG_ADMIN, 4, "Unknown config file\n"); + SPA->send_MySQL_ERR(&sess->client_myds->myprot, (char *)"Config file unknown"); + } + return false; + } + + if ( + (query_no_space_length==strlen("SAVE MYSQL FIREWALL FROM MEMORY") && !strncasecmp("SAVE MYSQL FIREWALL FROM MEMORY",query_no_space, query_no_space_length)) + || + (query_no_space_length==strlen("SAVE MYSQL FIREWALL FROM MEM") && !strncasecmp("SAVE MYSQL FIREWALL FROM MEM",query_no_space, query_no_space_length)) + || + (query_no_space_length==strlen("SAVE MYSQL FIREWALL TO DISK") && !strncasecmp("SAVE MYSQL FIREWALL TO DISK",query_no_space, query_no_space_length)) + ) { + proxy_info("Received %s command\n", query_no_space); + ProxySQL_Admin *SPA=(ProxySQL_Admin *)pa; + SPA->flush_mysql_firewall__from_memory_to_disk(); + proxy_debug(PROXY_DEBUG_ADMIN, 4, "Saved mysql query rules to DISK\n"); + SPA->send_MySQL_OK(&sess->client_myds->myprot, NULL); + return false; + } + + if ( + (query_no_space_length==strlen("LOAD MYSQL FIREWALL FROM MEMORY") && !strncasecmp("LOAD MYSQL FIREWALL FROM MEMORY",query_no_space, query_no_space_length)) + || + (query_no_space_length==strlen("LOAD MYSQL FIREWALL FROM MEM") && !strncasecmp("LOAD MYSQL FIREWALL FROM MEM",query_no_space, query_no_space_length)) + || + (query_no_space_length==strlen("LOAD MYSQL FIREWALL TO RUNTIME") && !strncasecmp("LOAD MYSQL FIREWALL TO RUNTIME",query_no_space, query_no_space_length)) + || + (query_no_space_length==strlen("LOAD MYSQL FIREWALL TO RUN") && !strncasecmp("LOAD MYSQL FIREWALL TO RUN",query_no_space, query_no_space_length)) + ) { + proxy_info("Received %s command\n", query_no_space); + ProxySQL_Admin *SPA=(ProxySQL_Admin *)pa; + char *err=SPA->load_mysql_firewall_to_runtime(); + if (err==NULL) { + proxy_debug(PROXY_DEBUG_ADMIN, 4, "Loaded mysql query rules to RUNTIME\n"); + 
SPA->send_MySQL_OK(&sess->client_myds->myprot, NULL); + } else { + SPA->send_MySQL_ERR(&sess->client_myds->myprot, err); + } + return false; + } + + if ( + (query_no_space_length==strlen("SAVE MYSQL FIREWALL TO MEMORY") && !strncasecmp("SAVE MYSQL FIREWALL TO MEMORY",query_no_space, query_no_space_length)) + || + (query_no_space_length==strlen("SAVE MYSQL FIREWALL TO MEM") && !strncasecmp("SAVE MYSQL FIREWALL TO MEM",query_no_space, query_no_space_length)) + || + (query_no_space_length==strlen("SAVE MYSQL FIREWALL FROM RUNTIME") && !strncasecmp("SAVE MYSQL FIREWALL FROM RUNTIME",query_no_space, query_no_space_length)) + || + (query_no_space_length==strlen("SAVE MYSQL FIREWALL FROM RUN") && !strncasecmp("SAVE MYSQL FIREWALL FROM RUN",query_no_space, query_no_space_length)) + ) { + proxy_info("Received %s command\n", query_no_space); + ProxySQL_Admin *SPA=(ProxySQL_Admin *)pa; + SPA->save_mysql_firewall_from_runtime(false); + proxy_debug(PROXY_DEBUG_ADMIN, 4, "Saved mysql query rules from RUNTIME\n"); + SPA->send_MySQL_OK(&sess->client_myds->myprot, NULL); + return false; + } + } + if ((query_no_space_length>23) && ( (!strncasecmp("SAVE MYSQL QUERY RULES ", query_no_space, 23)) || (!strncasecmp("LOAD MYSQL QUERY RULES ", query_no_space, 23))) ) { if ( 
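Review bot: The outer guard compares 23 characters against `"SAVE MYSQL FIREWALL "` and `"LOAD MYSQL FIREWALL "`, which are only 20 characters long, so for any query longer than 23 characters `strncasecmp` reaches the literal's terminating NUL and returns non-zero; none of the branches under it can run. The length looks copied from the 23-character `"SAVE MYSQL QUERY RULES "` check that follows, and should be `query_no_space_length>20` with `strncasecmp(..., 20)`. Once reachable, the `LOAD MYSQL FIREWALL FROM CONFIG` branch calls `Read_MySQL_Query_Rules_from_configfile()`, so it would reload query rules and answer OK without touching the whitelist. Its `else` branches also use `SPA`, which is declared only inside the inner `if` block unless the enclosing function (it starts outside the hunk) declares it earlier. The `proxy_debug` messages still say "mysql query rules" and should name the firewall, so the admin log shows which security configuration was changed.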
@@ -4495,8 +4604,10 @@ bool ProxySQL_Admin::init() { insert_into_tables_defs(tables_defs_admin,"mysql_collations", ADMIN_SQLITE_TABLE_MYSQL_COLLATIONS); insert_into_tables_defs(tables_defs_admin,"scheduler", ADMIN_SQLITE_TABLE_SCHEDULER); insert_into_tables_defs(tables_defs_admin,"runtime_scheduler", ADMIN_SQLITE_TABLE_RUNTIME_SCHEDULER); - insert_into_tables_defs(tables_defs_admin,"mysql_firewall_whitelist", ADMIN_SQLITE_TABLE_MYSQL_FIREWALL_WHITELIST); - insert_into_tables_defs(tables_defs_admin,"runtime_mysql_firewall_whitelist", ADMIN_SQLITE_TABLE_RUNTIME_MYSQL_FIREWALL_WHITELIST); + insert_into_tables_defs(tables_defs_admin,"mysql_firewall_whitelist_users", ADMIN_SQLITE_TABLE_MYSQL_FIREWALL_WHITELIST_USERS); + insert_into_tables_defs(tables_defs_admin,"runtime_mysql_firewall_whitelist_users", ADMIN_SQLITE_TABLE_RUNTIME_MYSQL_FIREWALL_WHITELIST_USERS); + insert_into_tables_defs(tables_defs_admin,"mysql_firewall_whitelist_rules", ADMIN_SQLITE_TABLE_MYSQL_FIREWALL_WHITELIST_RULES); + insert_into_tables_defs(tables_defs_admin,"runtime_mysql_firewall_whitelist_rules", ADMIN_SQLITE_TABLE_RUNTIME_MYSQL_FIREWALL_WHITELIST_RULES); #ifdef DEBUG insert_into_tables_defs(tables_defs_admin,"debug_levels", ADMIN_SQLITE_TABLE_DEBUG_LEVELS); #endif /* DEBUG */ 
@@ -4520,7 +4631,8 @@ bool ProxySQL_Admin::init() { // the table is not required to be present on disk. Removing it due to #1055 insert_into_tables_defs(tables_defs_config,"mysql_collations", ADMIN_SQLITE_TABLE_MYSQL_COLLATIONS); insert_into_tables_defs(tables_defs_config,"scheduler", ADMIN_SQLITE_TABLE_SCHEDULER); - insert_into_tables_defs(tables_defs_config,"mysql_firewall_whitelist", ADMIN_SQLITE_TABLE_MYSQL_FIREWALL_WHITELIST); + insert_into_tables_defs(tables_defs_config,"mysql_firewall_whitelist_users", ADMIN_SQLITE_TABLE_MYSQL_FIREWALL_WHITELIST_USERS); + insert_into_tables_defs(tables_defs_config,"mysql_firewall_whitelist_rules", ADMIN_SQLITE_TABLE_MYSQL_FIREWALL_WHITELIST_RULES); #ifdef DEBUG insert_into_tables_defs(tables_defs_config,"debug_levels", ADMIN_SQLITE_TABLE_DEBUG_LEVELS); #endif /* DEBUG */ @@ -5199,7 +5311,7 @@ bool ProxySQL_Admin::ProxySQL_Test___Load_MySQL_Whitelist(int *ret1, int *ret2, // cmd == 3 : perform lookup with a mutex for each call // cmd 2 and 3 accept an extra argument that defines the number of loops - char *q = (char *)"SELECT * FROM mysql_firewall_whitelist ORDER BY RANDOM()"; + char *q = (char *)"SELECT * FROM mysql_firewall_whitelist_rules ORDER BY RANDOM()"; char *error=NULL; int cols=0; int affected_rows=0; @@ -7341,6 +7453,10 @@ void ProxySQL_Admin::save_mysql_query_rules_from_runtime(bool _runtime) { delete resultset; } +void ProxySQL_Admin::save_mysql_firewall_from_runtime(bool _runtime) { + // FIXME: to be completed +} + void ProxySQL_Admin::flush_admin_variables___runtime_to_database(SQLite3DB *db, bool replace, bool del, bool onlyifempty, bool runtime) { proxy_debug(PROXY_DEBUG_ADMIN, 4, "Flushing ADMIN variables. Replace:%d, Delete:%d, Only_If_Empty:%d\n", replace, del, onlyifempty); if (onlyifempty) { 
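Review bot: `save_mysql_firewall_from_runtime()` in the last hunk on this line has an empty body and ignores `_runtime`, yet the `SAVE MYSQL FIREWALL TO MEMORY` / `FROM RUNTIME` handler added earlier in this patch calls it and then sends OK. An operator who saves the runtime whitelist would be told it succeeded while nothing was copied. Until the body exists, log it, e.g. `proxy_error("save_mysql_firewall_from_runtime() is not implemented yet\n");`, and have the handler reply with `send_MySQL_ERR` instead of OK.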
@@ -7465,6 +7581,8 @@ void ProxySQL_Admin::__insert_or_ignore_maintable_select_disktable() { admindb->execute("INSERT OR IGNORE INTO main.mysql_users SELECT * FROM disk.mysql_users"); admindb->execute("INSERT OR IGNORE INTO main.mysql_query_rules SELECT * FROM disk.mysql_query_rules"); admindb->execute("INSERT OR IGNORE INTO main.mysql_query_rules_fast_routing SELECT * FROM disk.mysql_query_rules_fast_routing"); + admindb->execute("INSERT OR IGNORE INTO main.mysql_firewall_whitelist_users SELECT * FROM disk.mysql_firewall_whitelist_users"); + admindb->execute("INSERT OR IGNORE INTO main.mysql_firewall_whitelist_rules SELECT * FROM disk.mysql_firewall_whitelist_rules"); admindb->execute("INSERT OR IGNORE INTO main.global_variables SELECT * FROM disk.global_variables"); admindb->execute("INSERT OR IGNORE INTO main.scheduler SELECT * FROM disk.scheduler"); admindb->execute("INSERT OR IGNORE INTO main.proxysql_servers SELECT * FROM disk.proxysql_servers"); @@ -7492,6 +7610,8 @@ void ProxySQL_Admin::__insert_or_replace_maintable_select_disktable() { admindb->execute("INSERT OR REPLACE INTO main.mysql_users SELECT * FROM disk.mysql_users"); admindb->execute("INSERT OR REPLACE INTO main.mysql_query_rules SELECT * FROM disk.mysql_query_rules"); admindb->execute("INSERT OR REPLACE INTO main.mysql_query_rules_fast_routing SELECT * FROM disk.mysql_query_rules_fast_routing"); + admindb->execute("INSERT OR REPLACE INTO main.mysql_firewall_whitelist_users SELECT * FROM disk.mysql_firewall_whitelist_users"); + admindb->execute("INSERT OR REPLACE INTO main.mysql_firewall_whitelist_rules SELECT * FROM disk.mysql_firewall_whitelist_rules"); admindb->execute("INSERT OR REPLACE INTO main.global_variables SELECT * FROM disk.global_variables"); admindb->execute("INSERT OR REPLACE INTO main.scheduler SELECT * FROM disk.scheduler"); admindb->execute("INSERT OR REPLACE INTO main.proxysql_servers SELECT * FROM disk.proxysql_servers"); 
@@ -7518,6 +7638,8 @@ void ProxySQL_Admin::__delete_disktable() { admindb->execute("DELETE FROM disk.mysql_users"); admindb->execute("DELETE FROM disk.mysql_query_rules"); admindb->execute("DELETE FROM disk.mysql_query_rules_fast_routing"); + admindb->execute("DELETE FROM disk.mysql_firewall_whitelist_users"); + admindb->execute("DELETE FROM disk.mysql_firewall_whitelist_rules"); admindb->execute("DELETE FROM disk.global_variables"); admindb->execute("DELETE FROM disk.scheduler"); admindb->execute("DELETE FROM disk.proxysql_servers"); @@ -7543,6 +7665,8 @@ void ProxySQL_Admin::__insert_or_replace_disktable_select_maintable() { admindb->execute("INSERT OR REPLACE INTO disk.mysql_query_rules SELECT * FROM main.mysql_query_rules"); admindb->execute("INSERT OR REPLACE INTO disk.mysql_users SELECT * FROM main.mysql_users"); admindb->execute("INSERT OR REPLACE INTO disk.mysql_query_rules_fast_routing SELECT * FROM main.mysql_query_rules_fast_routing"); + admindb->execute("INSERT OR REPLACE INTO disk.mysql_firewall_whitelist_users SELECT * FROM main.mysql_firewall_whitelist_users"); + admindb->execute("INSERT OR REPLACE INTO disk.mysql_firewall_whitelist_rules SELECT * FROM main.mysql_firewall_whitelist_rules"); admindb->execute("INSERT OR REPLACE INTO disk.global_variables SELECT * FROM main.global_variables"); admindb->execute("INSERT OR REPLACE INTO disk.scheduler SELECT * FROM main.scheduler"); admindb->execute("INSERT OR REPLACE INTO disk.proxysql_servers SELECT * FROM main.proxysql_servers"); 
@@ -7654,6 +7778,28 @@ void ProxySQL_Admin::flush_mysql_servers__from_memory_to_disk() { admindb->wrunlock(); } +void ProxySQL_Admin::flush_mysql_firewall__from_disk_to_memory() { + admindb->wrlock(); + admindb->execute("PRAGMA foreign_keys = OFF"); + admindb->execute("DELETE FROM main.mysql_firewall_whitelist_rules"); + admindb->execute("INSERT INTO main.mysql_firewall_whitelist_rules SELECT * FROM disk.mysql_query_rules"); + admindb->execute("DELETE FROM main.mysql_firewall_whitelist_users"); + admindb->execute("INSERT INTO main.mysql_firewall_whitelist_users SELECT * FROM disk.mysql_query_users"); + admindb->execute("PRAGMA foreign_keys = ON"); + admindb->wrunlock(); +} + +void ProxySQL_Admin::flush_mysql_firewall__from_memory_to_disk() { + admindb->wrlock(); + admindb->execute("PRAGMA foreign_keys = OFF"); + admindb->execute("DELETE FROM disk.mysql_firewall_whitelist_rules"); + admindb->execute("INSERT INTO disk.mysql_firewall_whitelist_rules SELECT * FROM main.mysql_query_rules"); + admindb->execute("DELETE FROM disk.mysql_firewall_whitelist_users"); + admindb->execute("INSERT INTO disk.mysql_firewall_whitelist_users SELECT * FROM main.mysql_query_users"); + admindb->execute("PRAGMA foreign_keys = ON"); + admindb->wrunlock(); +} + void ProxySQL_Admin::flush_mysql_query_rules__from_disk_to_memory() { admindb->wrlock(); admindb->execute("PRAGMA foreign_keys = OFF"); @@ -7714,6 +7860,10 @@ void ProxySQL_Admin::init_mysql_query_rules() { load_mysql_query_rules_to_runtime(); } +void ProxySQL_Admin::init_mysql_firewall() { + load_mysql_firewall_to_runtime(); +} + void ProxySQL_Admin::add_admin_users() { #ifdef DEBUG add_credentials((char *)"admin",variables.admin_credentials, ADMIN_HOSTGROUP); 
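Review bot: Both new flush functions delete the whitelist tables and then refill them from the wrong sources: `mysql_query_rules`, which is a different table, and `mysql_query_users`, which this patch never defines. If those INSERTs fail (likely, although `execute()` is not visible here), the destination whitelist is left empty and nothing is reported, because the result of `execute()` is not checked. Each statement should select from the table of the same name, e.g. `INSERT INTO main.mysql_firewall_whitelist_rules SELECT * FROM disk.mysql_firewall_whitelist_rules`, and likewise for `_users` and for the memory-to-disk direction. Since an emptied whitelist changes what the firewall permits, the INSERT result is worth checking before the caller answers OK.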
@@ -9052,6 +9202,42 @@ void ProxySQL_Admin::load_mysql_servers_to_runtime() { } +char * ProxySQL_Admin::load_mysql_firewall_to_runtime() { +// NOTE: firewall is currently NOT part of Cluster + char *error_users=NULL; + int cols_users=0; + int affected_rows_users=0; + char *error_rules=NULL; + int cols_rules=0; + int affected_rows_rules=0; + bool success = false; + if (GloQPro==NULL) return (char *)"Global Query Processor not started: command impossible to run"; + char *query_users = (char *)"SELECT "; + char *query_rules = (char *)"SELECT "; + SQLite3_result *resultset_users = NULL; + SQLite3_result *resultset_rules = NULL; + admindb->execute_statement(query_users, &error_users , &cols_users , &affected_rows_users , &resultset_users); + admindb->execute_statement(query_rules, &error_rules , &cols_rules , &affected_rows_rules , &resultset_rules); + if (error_users) { + proxy_error("Error on %s : %s\n", query_users, error_users); + } else if (error_rules) { + proxy_error("Error on %s : %s\n", query_rules, error_rules); + } else { + success = true; + GloQPro->load_mysql_firewall(resultset_users, resultset_rules); + } + if (success == false) { + // clean up + if (resultset_users) { + free(resultset_users); + } + if (resultset_rules) { + free(resultset_rules); + } + } + return NULL; +} + char * ProxySQL_Admin::load_mysql_query_rules_to_runtime() { char *error=NULL; int cols=0; diff --git a/lib/ProxySQL_Cluster.cpp b/lib/ProxySQL_Cluster.cpp index f42cc10bba..1e34bb6ffa 100644 --- a/lib/ProxySQL_Cluster.cpp +++ b/lib/ProxySQL_Cluster.cpp @@ -2,6 +2,8 @@ #include "cpp.h" #include "SpookyV2.h" +#include "ProxySQL_Cluster.hpp" + #ifdef DEBUG #define DEB "_DEBUG" #else diff --git a/lib/ProxySQL_HTTP_Server.cpp b/lib/ProxySQL_HTTP_Server.cpp index 5b05bf853d..6fed7ed762 100644 --- a/lib/ProxySQL_HTTP_Server.cpp +++ b/lib/ProxySQL_HTTP_Server.cpp 
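Review bot: `load_mysql_firewall_to_runtime()` returns `NULL` on every path after the `GloQPro` check, so the `LOAD MYSQL FIREWALL TO RUNTIME` handler sends OK even when either query failed and nothing was loaded. With both queries still the placeholder `"SELECT "`, that failure path is probably the only one taken for now, so an operator would be told the whitelist is active when it is not. The cleanup also calls `free()` on `SQLite3_result` objects, while other code in this file releases them with `delete resultset;`. I would return an error string on failure and use `delete`, as sketched below; the `success` flag then becomes unnecessary.

```cpp
	// … unchanged: declarations, GloQPro check, both execute_statement calls, the two proxy_error branches …
	} else {
		GloQPro->load_mysql_firewall(resultset_users, resultset_rules);
		return NULL;
	}
	// a query failed: release whatever was returned and report it to the caller
	delete resultset_users;
	delete resultset_rules;
	return (char *)"Unable to load mysql firewall whitelist, see error log";
```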
@@ -5,6 +5,8 @@ #include "re2/regexp.h" #include "proxysql.h" #include "cpp.h" +#include "ProxySQL_HTTP_Server.hpp" // HTTP server +#include "ProxySQL_Statistics.hpp" #include #include diff --git a/lib/ProxySQL_Statistics.cpp b/lib/ProxySQL_Statistics.cpp index 7f6566ac74..9ee6009c21 100644 --- a/lib/ProxySQL_Statistics.cpp +++ b/lib/ProxySQL_Statistics.cpp @@ -4,6 +4,8 @@ #include "proxysql.h" #include "cpp.h" +#include "ProxySQL_Statistics.hpp" + //#include "thread.h" //#include "wqueue.h" diff --git a/lib/Query_Processor.cpp b/lib/Query_Processor.cpp index 85a8e396f1..3c94166805 100644 --- a/lib/Query_Processor.cpp +++ b/lib/Query_Processor.cpp @@ -6,6 +6,8 @@ #include "proxysql.h" #include "cpp.h" +#include "MySQL_PreparedStatement.h" + #include "SpookyV2.h" #include "pcrecpp.h" @@ -2781,3 +2783,8 @@ int Query_Processor::testing___find_HG_in_mysql_query_rules_fast_routing(char *u #endif return ret; } + +void Query_Processor::load_mysql_firewall(SQLite3_result *u, SQLite3_result *r) { + // TODO: complete + return; +} diff --git a/lib/mysql_connection.cpp b/lib/mysql_connection.cpp index ae43a73815..d87cc6b550 100644 --- a/lib/mysql_connection.cpp +++ b/lib/mysql_connection.cpp @@ -3,6 +3,8 @@ #include "SpookyV2.h" #include +#include "MySQL_PreparedStatement.h" + extern const MARIADB_CHARSET_INFO * proxysql_find_charset_nr(unsigned int nr); #define PROXYSQL_USE_RESULT diff --git a/lib/mysql_data_stream.cpp b/lib/mysql_data_stream.cpp index e73d9f4a10..deb418d513 100644 --- a/lib/mysql_data_stream.cpp +++ b/lib/mysql_data_stream.cpp @@ -5,6 +5,8 @@ #define UNIX_PATH_MAX 108 #endif +#include "MySQL_PreparedStatement.h" + struct bio_st { const BIO_METHOD *method; long (*callback) (struct bio_st *, int, const char *, int, long, long); diff --git a/src/main.cpp b/src/main.cpp index 17ff06c1e4..f5c02c0caa 100644 --- a/src/main.cpp +++ b/src/main.cpp 
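Review bot: The new `Query_Processor::load_mysql_firewall()` stub at the end of `lib/Query_Processor.cpp` neither stores nor releases `u` and `r`, and its only caller in this patch does not free them on the success path, so each successful load would leak both result sets. Until the body is written, state the ownership contract in a comment, e.g. `// takes ownership of u and r: delete both once the whitelist has been rebuilt`, or delete them in the stub. The bare `return;` in a `void` function can go.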
@@ -9,6 +9,9 @@ //#define PROXYSQL_EXTERN #include "cpp.h" +#include "ProxySQL_Statistics.hpp" +#include "MySQL_PreparedStatement.h" +#include "ProxySQL_Cluster.hpp" #include #include