Remove port 22, which is open by default
firewall-cmd --permanent --remove-service=ssh
Specify the IP that is allowed to access port 22
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.1" port port="22" protocol="tcp" accept'
If that IP needs access to all ports on this host
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.64.2" protocol value="tcp" accept'
If you need to block that IP from accessing port 22 on this host
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.2" port port="22" protocol="tcp" drop'
If you need to block that IP from accessing all ports on this host
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.2" protocol value="tcp" drop'
If you need to delete a rule
firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="192.168.64.2" protocol value="tcp" accept'
After the configuration is complete, reload the firewall
firewall-cmd --reload
To view the rules that have been configured
firewall-cmd --zone=public --list-rich-rules
or
firewall-cmd --list-all
P.S.: You can use this approach to evade vulnerability scans
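The allow, remove, reload and list steps above combined into one POSIX shell script, as an added example that is not part of the original post. The function names and the DRY_RUN variable are assumptions made for this example; the firewall-cmd options are the ones used above plus --query-rich-rule.

```sh
#!/bin/sh
# Added example, not from the original post. Function names and DRY_RUN are
# assumptions. DRY_RUN=1 (default) prints the firewall-cmd calls instead of
# running them.
DRY_RUN="${DRY_RUN:-1}"

# Succeed only for a dotted-quad IPv4 address whose octets are all 0-255.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    _old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots; digits only, so no globbing
    IFS=$_old_ifs
    [ "$#" -eq 4 ] || return 1
    for _octet in "$@"; do
        [ "${#_octet}" -le 3 ] && [ "$_octet" -le 255 ] || return 1
    done
}

# Build the rich rule that accepts TCP port 22 from one source address.
ssh_allow_rule() {
    printf 'rule family="ipv4" source address="%s" port port="22" protocol="tcp" accept' "$1"
}

# Run firewall-cmd, or print a copy-pasteable form of the call when DRY_RUN=1.
fw() {
    if [ "$DRY_RUN" = "1" ]; then
        printf 'firewall-cmd'
        for _arg in "$@"; do printf " '%s'" "$_arg"; done
        printf '\n'
    else
        firewall-cmd "$@"
    fi
}

# Allow SSH from $1 only. The allow rule is added and confirmed in the
# permanent configuration before the ssh service is removed, so a failed add
# never leaves port 22 closed to everyone after the reload.
restrict_ssh() {
    valid_ipv4 "$1" || { echo "invalid IPv4 address: $1" >&2; return 2; }
    _rule=$(ssh_allow_rule "$1")
    fw --permanent --add-rich-rule="$_rule" || return 1
    fw --permanent --query-rich-rule="$_rule" || return 1
    fw --permanent --remove-service=ssh || return 1
    fw --reload || return 1
    fw --list-all
}
```

Call restrict_ssh 192.168.1.1 to review the printed commands, then set DRY_RUN=0 and run it as root to apply them.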