CentOS 7 access restrictions and the firewalld firewall

Blocking SSH logins

Edit /etc/hosts.deny
and add a line in the following form.
Format: sshd:IP:deny
sshd:42.236.74.73:deny

CentOS 7 firewall

Method 1:
Allowing or restricting an IP address

1. Block access from an IP address
firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address="ip" drop'
or
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="ip" port protocol="tcp" port="80" reject'


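2. Lift the restriction on an IP address
firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address="ip" accept'
or
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="ip" port protocol="tcp" port="80" accept'
Note: these commands add an accept rule. firewalld evaluates drop/reject rich rules before accept rules, so a block added in step 1 stays in effect until it is deleted by repeating its command with --remove-rich-rule in place of --add-rich-rule.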


3. List the rules that have been set
firewall-cmd --zone=public --list-rich-rules

After setting the rules, reload the firewall rules so that the settings take effect:
firewall-cmd --reload
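
The block, unblock and reload steps of the first method as one script, added here as an example and not part of the original post: it validates the address before placing it in the rule text, and lifts a block with --remove-rich-rule. The function names and the DRY_RUN variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post). Function names and DRY_RUN are hypothetical.

# Accept only a dotted-quad IPv4 address, so nothing else can reach the rule text.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    _ifs=$IFS; IFS=.; set -- $1; IFS=$_ifs      # split on dots into $1..$n
    [ "$#" -eq 4 ] || return 1
    for _octet in "$@"; do
        [ "${#_octet}" -le 3 ] && [ "$_octet" -le 255 ] || return 1
    done
}

# rich_rule IP [TCP_PORT]: print the rule text; drop all traffic, or reject one TCP port.
rich_rule() {
    valid_ipv4 "$1" || { echo "invalid IPv4 address: $1" >&2; return 1; }
    if [ -z "${2:-}" ]; then
        printf 'rule family="ipv4" source address="%s" drop' "$1"
        return 0
    fi
    case "$2" in *[!0-9]*) echo "invalid port: $2" >&2; return 1 ;; esac
    [ "${#2}" -le 5 ] && [ "$2" -ge 1 ] && [ "$2" -le 65535 ] ||
        { echo "invalid port: $2" >&2; return 1; }
    printf 'rule family="ipv4" source address="%s" port port="%s" protocol="tcp" reject' "$1" "$2"
}

# fw_apply add|remove IP [TCP_PORT]: "remove" deletes exactly the rule "add" created.
# DRY_RUN defaults to 1 (print the commands); set DRY_RUN=0 to run them as root.
fw_apply() {
    case "$1" in
        add|remove) ;;
        *) echo "usage: fw_apply add|remove IP [TCP_PORT]" >&2; return 2 ;;
    esac
    _rule=$(rich_rule "$2" "${3:-}") || return 1
    if [ "${DRY_RUN:-1}" = 1 ]; then
        printf "firewall-cmd --permanent --zone=public --%s-rich-rule='%s'\n" "$1" "$_rule"
        printf '%s\n' "firewall-cmd --reload"
    else
        firewall-cmd --permanent --zone=public "--$1-rich-rule=$_rule" && firewall-cmd --reload
    fi
}
```

Source the file, then run fw_apply add 192.168.0.222 to review the commands and fw_apply remove 192.168.0.222 to see the matching removal.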

Method 2:

You can also edit the firewall zone file directly:
vi /etc/firewalld/zones/public.xml

<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
  <service name="dhcpv6-client"/>
  <service name="ssh"/>
  <port protocol="tcp" port="80"/>
</zone>

Add the following inside the zone element:

  <rule family="ipv4">
    <source address="192.168.0.222"/>
    <drop/>
  </rule>

The finished file looks like this:

<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
  <service name="dhcpv6-client"/>
  <service name="ssh"/>
  <port protocol="tcp" port="80"/>
  <rule family="ipv4">
    <source address="192.168.0.222"/>
    <drop/>
  </rule>
</zone>

After that, run firewall-cmd --reload so that the settings take effect.
Conversely, to lift the restriction, just delete the <rule></rule> block in the middle.

 

posted @ 2019-04-05 14:14  代码家园