diff --git a/version/0.2.3/INSTALL.sh b/version/0.2.3/INSTALL.sh
index 4e8a2a2a..42e17166 100644
--- a/version/0.2.3/INSTALL.sh
+++ b/version/0.2.3/INSTALL.sh
@@ -692,7 +692,7 @@ setup_firewall_service() {
                 fi
             }
 
-    
+
             function open_port_csf() {
                 local port=$1
                 local csf_conf="/etc/csf/csf.conf"
@@ -709,6 +709,23 @@ setup_firewall_service() {
                 fi
             }
 
+    
+            function open_tcpout_csf() {
+                local port=$1
+                local csf_conf="/etc/csf/csf.conf"
+                
+                # Check if port is already open
+                port_opened=$(grep "TCP_OUT = .*${port}" "$csf_conf")
+                if [ -z "$port_opened" ]; then
+                    # Open port
+                    sed -i "s/TCP_OUT = \"\(.*\)\"/TCP_OUT = \"\1,${port}\"/" "$csf_conf"
+                    echo "TCP_OUT port ${port} opened in CSF."
+                    ports_opened=1
+                else
+                    echo "TCP_OUT port ${port} is already open in CSF."
+                fi
+            }
+
           edit_csf_conf() {
               sed -i 's/TESTING = "1"/TESTING = "0"/' /etc/csf/csf.conf
               sed -i 's/ETH_DEVICE_SKIP = ""/ETH_DEVICE_SKIP = "docker0"/' /etc/csf/csf.conf
@@ -727,6 +744,7 @@ setup_firewall_service() {
           install_csf
           edit_csf_conf
           open_out_port_csf
+          open_tcpout_csf 3306 #mysql tcp_out only
           open_port_csf 22 #ssh
           open_port_csf 53 #dns
           open_port_csf 80 #http