Yes, limit connections in firewall. Ideally you are only listening on a private network anyway, better yet only listening on loopback or a local socket. But still firewall it. You can also configure the database to only accept connections from a particular source. Do that too.

Thanks for clarifying.

> you are only listening on a private network anyway what if i host my app in say some where else than the DB?

> better yet only listening on loopback or a local socket. For that app and db needs to run on the same server. Isn't it?