How do I prevent users from accessing mysql?

I installed MariaDB. I started the server as a local server(127.0.0.1:3306). I want to make sure that the www-data user can't access it. I tried to disable the mysql command for that user. But anyone can bypass it by forwarding the port to a different machine and accessing the server through that. I also tried to use IP rules but it didn't work either.

iptables -I OUTPUT -o lo -p tcp --dport 3306 --match owner --uid-owner 33 -j DROP

ip6tables -I OUTPUT -o lo -p tcp --dport 3306 --match owner --uid-owner 33 -j DROP

How can I go around this? My final goal is to make sure that the www-data user can't access the MariaDB server by any means.