firewall 常用命令(update...)

 

# 允许指定IP到指定端口

firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.x.x" port protocol="tcp" port="8080" accept"

firewall-cmd --permanent --remove-rich-rule="rule family="ipv4" source address="192.168.x.x" port protocol="tcp" port="8080" accept"

这里可以添加一个ip地址，也可以使用IP段

e.g.

source address="192.168.x.x"

source address="192.168.x.x/xx"

 

# 允许所有人访问端口

sudo firewall-cmd --permanent --add-port=80/tcp

sudo firewall-cmd --permanent --remove-port=80/tcp

 

# 查看

sudo firewall-cmd --list-all

 

# 查看添加情况

sudo firewall-cmd --list-rich-rules

 

PS:记住所有操作后需要 reload 生效

sudo systemctl reload firewalld