【firewalld】How to allow access only from specific source IPs with firewalld?

Posted by 内容分享, 7 hours ago

The goal is to filter on source IP only and allow every TCP and UDP port to the listed sources. Note what the script below actually achieves: the rich rules accept all traffic from the listed addresses, but the public zone keeps its stock services (ssh, dhcpv6-client) plus the explicitly added 22/tcp, so SSH stays reachable from any address. The zone's default target only rejects traffic that matches no rule; to admit only the listed sources, those services and ports must be removed from the zone (or the zone target set to DROP).

cat set-firewalld.sh

#!/bin/bash

# Source addresses that are allowed to reach every TCP/UDP port.
ips="
127.0.0.1
172.16.15.3
172.16.15.4
172.16.15.5
"

sudo systemctl start  firewalld
sudo systemctl enable firewalld

# Keep SSH open in the public zone (to all sources, not only the ones listed above).
sudo firewall-cmd --permanent --zone=public --add-port=22/tcp

# A rich rule with a source address and no service/port accepts all traffic from that source.
# The whole rule must be passed as a single quoted argument to --add-rich-rule.
for ip in ${ips}
do
    sudo firewall-cmd --permanent --zone=public --add-rich-rule="rule family='ipv4' source address='${ip}' accept"
done

sudo firewall-cmd --reload

# firewall-cmd --list-all

public
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: dhcpv6-client ssh
  ports: 22/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
        rule family="ipv4" source address="127.0.0.1" accept
        rule family="ipv4" source address="172.16.15.3" accept
        rule family="ipv4" source address="172.16.15.4" accept
        rule family="ipv4" source address="172.16.15.5" accept
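The listing above confirms the caveat: 22/tcp and the ssh service are still open to every source. The script below is an added example (not the post's own code) that does what the title asks for: the listed sources are moved into the trusted zone, which accepts everything from them, and the public zone is stripped of its stock services and given a DROP target so every other source is silently dropped. It assumes firewalld is running, the NIC sits in the default public zone, and the address list is a constructed sample; the DRY_RUN switch and the valid_ipv4 check are additions of this example.

```shell
#!/bin/bash
# Added example (not from the original post): admit only the listed source
# addresses, on every TCP/UDP port, and drop everything else.
# Assumptions: firewalld is running, the NIC is in the default "public" zone,
# and ALLOWED_SOURCES is a constructed sample list.
set -eu

ALLOWED_SOURCES="
172.16.15.3
172.16.15.4
172.16.15.5
"

# Run a command with sudo, or only print it when DRY_RUN=1 so the rule set
# can be reviewed before it is applied to a box you could lock yourself out of.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        sudo "$@"
    fi
}

# Accept a dotted-quad IPv4 address with an optional /prefix. Anything else
# (typo, stray text, embedded spaces) is rejected instead of becoming a bogus rule.
valid_ipv4() {
    local ip=$1 prefix="" octet
    case "$ip" in
        */*)
            prefix=${ip#*/}
            ip=${ip%/*}
            case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
            [ "$prefix" -le 32 ] || return 1
            ;;
    esac
    local IFS=.
    set -- $ip
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

apply_allowlist() {
    local ip
    for ip in $ALLOWED_SOURCES; do
        valid_ipv4 "$ip" || { echo "refusing bad address: $ip" >&2; return 1; }
        # Source-based zone membership wins over interface-based membership,
        # so these hosts land in "trusted" (target ACCEPT: every port, tcp and udp).
        run firewall-cmd --permanent --zone=trusted --add-source="$ip"
    done
    # Every other source stays in "public". DROP only applies to traffic that
    # matches no rule, so the zone's stock services must go as well; otherwise
    # ssh would stay open to the world exactly as in the original script.
    run firewall-cmd --permanent --zone=public --remove-service=ssh
    run firewall-cmd --permanent --zone=public --remove-service=dhcpv6-client
    run firewall-cmd --permanent --zone=public --set-target=DROP
    run firewall-cmd --reload
}

# Loopback is accepted by firewalld's base rules, so 127.0.0.1 needs no entry.
# Usage: ./lockdown.sh --dry-run   (print the commands)
#        ./lockdown.sh --apply     (run them)
case "${1:-}" in
    --dry-run) DRY_RUN=1 apply_allowlist ;;
    --apply)   apply_allowlist ;;
esac
```

Run the dry run first and make sure the address you are administering from is in the list, or run it from a console: once the public zone target is DROP and ssh is removed, nothing outside the allowlist gets in. The trusted zone accepts all protocols, so there is no need to enumerate ports.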
