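# firewalld quick reference: port rules and per-source rich rules.
# Run as root. --permanent only writes the stored configuration; the running
# firewall does not change until `firewall-cmd --reload`.

# Permanently open a port in the public zone.
# NOTE: this admits every source address that maps to the zone, not one host.
firewall-cmd --zone=public --add-port=80/tcp --permanent

# Permanently remove that port entry again.
firewall-cmd --zone=public --remove-port=80/tcp --permanent

# Permanently remove the rich rule that allows one source IP to reach a port.
# The rule is wrapped in single quotes so the inner double quotes reach
# firewalld intact; with nested double quotes the shell strips them.
firewall-cmd --permanent --zone=public --remove-rich-rule='rule family="ipv4" source address="172.16.4.6" port protocol="tcp" port="80" accept'

# Permanently add a rich rule allowing a single source IP (172.16.4.6) to reach 80/tcp.
# NOTE(review): no --zone is given here, so the rule goes into the default zone,
# while the removal above names --zone=public. Confirm both refer to the same
# zone, otherwise the removal will not match this rule.
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.4.6" port protocol="tcp" port="80" accept'

# Same, for a port range (80-100/tcp). Keep the range as narrow as the service needs.
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.4.6" port protocol="tcp" port="80-100" accept'

# Reference:
# https://www.lmlphp.com/user/21749/article/item/522745/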
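# Restricting SSH (22/tcp) to a single source address with firewalld.
# NOTE(review): only the systemctl lines use sudo; the firewall-cmd lines below
# need root as well.

# Start the firewall now and enable it at boot.
sudo systemctl start firewalld
sudo systemctl enable firewalld

# Remove the zone-wide 22/tcp port entry so the port is no longer open to every source.
# (This command removes the entry; it does not open the port.)
# NOTE(review): SSH is often allowed through the zone's "ssh" service rather than
# a 22/tcp port entry. If --list-all below still shows that service, port 22
# stays reachable from any source until it is removed too (--remove-service=ssh).
firewall-cmd --zone=public --remove-port=22/tcp --permanent

# Allow one source IP to reach the target port.
# Single quotes keep the inner double quotes intact, matching the rules below.
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.6.11" port protocol="tcp" port="22" accept'

# Remove the rule that was just added.
firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="172.16.6.11" port protocol="tcp" port="22" accept'

# Allow one source IP to reach ALL ports.
# NOTE: this is much broader than the per-port rule above; prefer the per-port
# form unless the host really needs unrestricted access.
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.6.11" accept'

# Reload so the permanent configuration becomes the running configuration.
# When working over SSH, make sure a rule covering your own address is in
# place before this point.
firewall-cmd --reload

# Review the result: full zone listing, then rich rules only.
firewall-cmd --zone=public --list-all
firewall-cmd --zone=public --list-rich-rules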