firewalld使用与配置

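# firewalld port and rich-rule examples for the public zone.
# Run as root (or prefix with sudo). Every command here uses --permanent, which
# only edits the stored configuration; the running firewall is unchanged until
# `firewall-cmd --reload` is executed.

# Permanently open port 80/tcp to every source address.
firewall-cmd --zone=public --add-port=80/tcp --permanent

# Permanently remove the port 80/tcp opening.
firewall-cmd --zone=public --remove-port=80/tcp --permanent

# Permanently remove the rich rule that lets 172.16.4.6 reach port 80/tcp.
# The rule text is wrapped in single quotes so the inner double quotes reach
# firewall-cmd intact and the whole rule is passed as one argument. Nesting
# double quotes inside double quotes only works by accident (the shell strips
# them) and breaks as soon as a value contains whitespace.
firewall-cmd --permanent --zone=public --remove-rich-rule='rule family="ipv4" source address="172.16.4.6" port protocol="tcp" port="80" accept'

# Permanently add a rich rule allowing only 172.16.4.6 to reach port 80/tcp.
# --zone=public is given explicitly so the rule lands in the same zone the
# removal command above (and any --list-rich-rules check) looks at; without it
# the rule goes to whatever the default zone happens to be.
# A source-restricted rule limits access only if port 80 is not also open to
# everyone through --add-port or an enabled service in the same zone.
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="172.16.4.6" port protocol="tcp" port="80" accept'

# Same as above, but for the port range 80-100/tcp.
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="172.16.4.6" port protocol="tcp" port="80-100" accept'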


#参考文档:
https://www.lmlphp.com/user/21749/article/item/522745/

 

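# Restrict SSH (22/tcp) to a single source address with firewalld.
# The firewall-cmd calls need root, like the systemctl calls.

# Start firewalld now and enable it at boot.
sudo systemctl start firewalld
sudo systemctl enable firewalld

# Remove the blanket 22/tcp port opening, so SSH is reachable only through the
# source-restricted rich rule added below. (This command removes access; it
# does not open the port.)
# NOTE: the stock public zone usually also lists the "ssh" service. While that
# service is enabled, port 22 stays open to every source regardless of this
# command. Check the "services:" line of --list-all.
firewall-cmd --zone=public --remove-port=22/tcp --permanent

# Allow only 172.16.6.11 to reach port 22/tcp.
# Single quotes keep the rule as one argument with its inner quotes intact, and
# --zone=public matches the zone inspected by the list commands at the end.
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="172.16.6.11" port protocol="tcp" port="22" accept'

# Remove the rule added above. The rule text and zone must match the add.
firewall-cmd --permanent --zone=public --remove-rich-rule='rule family="ipv4" source address="172.16.6.11" port protocol="tcp" port="22" accept'

# Allow 172.16.6.11 to reach every port.
# This trusts the host for all ports and protocols; prefer port-scoped rules
# like the one above unless full access is really required.
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="172.16.6.11" accept'

# Reload so the permanent configuration becomes the running configuration.
# When connected over SSH, first confirm that an allow rule covers the address
# you are connecting from; otherwise the reload can cut off your own session.
firewall-cmd --reload

# Inspect the resulting zone configuration and its rich rules.
firewall-cmd --zone=public --list-all
firewall-cmd --zone=public --list-rich-rules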

 

posted @ 2022-12-07 14:51  Leonardo-li