The current project uses a large number of ports, so to keep development and debugging simple the firewall is opened by port range (a contiguous block of ports) rather than one port at a time.
# open a TCP port range in the public zone (saved to the permanent configuration)
firewall-cmd --permanent --zone=public --add-port=8840-8900/tcp
# close the range again
firewall-cmd --permanent --zone=public --remove-port=8840-8900/tcp
# --permanent changes are not active until the configuration is reloaded
# (the command is --reload; there is no --load option)
firewall-cmd --reload
# the same range added as a rich rule (the rule text is wrapped in single
# quotes so the double quotes inside it reach firewall-cmd unchanged)
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" port protocol="tcp" port="8840-8900" accept'
# remove the rich rule (the rule text must match the one that was added)
firewall-cmd --permanent --zone=public --remove-rich-rule='rule family="ipv4" port protocol="tcp" port="8840-8900" accept'
# show the active configuration of the default zone (ports, services, rich rules)
firewall-cmd --list-all
# start the firewall
systemctl start firewalld
# stop the firewall
systemctl stop firewalld
# block everything from one source address: drop discards silently, reject answers with an ICMP error
firewall-cmd --zone=public --permanent --add-rich-rule='rule family="ipv4" source address="192.168.29.3" drop'
firewall-cmd --zone=public --permanent --add-rich-rule='rule family="ipv4" source address="192.168.29.3" reject'
# remove those rules again
firewall-cmd --zone=public --permanent --remove-rich-rule='rule family="ipv4" source address="192.168.29.3" drop'
firewall-cmd --zone=public --permanent --remove-rich-rule='rule family="ipv4" source address="192.168.29.3" reject'
# per-source, per-port rules: reject, drop or accept TCP 6379 (e.g. Redis) from a single source
firewall-cmd --zone=public --permanent --add-rich-rule='rule family="ipv4" source address="192.168.29.3" port protocol="tcp" port="6379" reject'
firewall-cmd --zone=public --permanent --add-rich-rule='rule family="ipv4" source address="192.168.29.3" port protocol="tcp" port="6379" drop'
firewall-cmd --zone=public --permanent --add-rich-rule='rule family="ipv4" source address="192.168.29.3" port protocol="tcp" port="6379" accept'
# all of the above are --permanent: reload afterwards so they take effect
The opposite case, allowing one host and blocking everyone else, is often written the same way:
1. First allow the host
firewall-cmd --zone=public --permanent --add-rich-rule='rule family="ipv4" source address="192.168.0.3" port protocol="tcp" port="80" accept'
2. Then block everyone else (use either drop or reject, not both)
firewall-cmd --zone=public --permanent --add-rich-rule='rule family="ipv4" port protocol="tcp" port="80" drop'
firewall-cmd --zone=public --permanent --add-rich-rule='rule family="ipv4" port protocol="tcp" port="80" reject'
This does not do what the step order suggests. firewalld does not evaluate rich rules in the order they were added: rules without an explicit priority are grouped by action, and drop/reject rules are checked before accept rules, so the port-80 drop from step 2 also blocks 192.168.0.3. There are two ways to get the intended result. Either leave port 80 (and the http service) out of the zone's open ports and add only the source-specific accept, so that every other client falls through to the zone's default target (which rejects in the public zone); or, on firewalld 0.7 or later, give the accept rule a lower priority value than the reject rule, because lower values are evaluated first. In both cases run firewall-cmd --reload afterwards so the permanent rules become active.
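The allow-one-host, reject-everyone-else setup from the two steps above, written as a script, is given here as an added example; it is not part of the original post. It assumes firewalld 0.7 or later (for the rich-rule `priority` attribute), the `public` zone, TCP port 80, and a made-up whitelist of 192.168.0.3 and 192.168.0.4; the functions `allow_rule`, `reject_rule` and `plan` are names chosen for this example. The script only prints the firewall-cmd invocations unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example, not from the original post: allow TCP/80 from a short
# whitelist of sources and reject it from everyone else, using firewalld
# rich rules with an explicit priority so the accepts are evaluated before
# the reject regardless of the order in which they were added.
# Assumptions (not from the page): firewalld >= 0.7 (priority attribute),
# zone "public"; the whitelist addresses are constructed for the example.
set -eu

ZONE=public
PORT=80
PROTO=tcp
# Constructed sample whitelist (space separated).
ALLOWED_SOURCES="192.168.0.3 192.168.0.4"

# Rich rule that lets one source reach the port. priority=-10 is evaluated
# before priority=-5 (lower value first), so it wins over the reject below.
allow_rule() {
    printf 'rule priority="-10" family="ipv4" source address="%s" port port="%s" protocol="%s" accept' \
        "$1" "$PORT" "$PROTO"
}

# Catch-all reject for the same port, evaluated after the accepts above.
reject_rule() {
    printf 'rule priority="-5" family="ipv4" port port="%s" protocol="%s" reject' \
        "$PORT" "$PROTO"
}

# Print the firewall-cmd invocations, one per line. The rule text is wrapped
# in single quotes so the double quotes inside it reach firewall-cmd intact.
# --permanent alone changes only the saved config; --reload activates it.
plan() {
    for src in $ALLOWED_SOURCES; do
        printf "firewall-cmd --permanent --zone=%s --add-rich-rule='%s'\n" "$ZONE" "$(allow_rule "$src")"
    done
    printf "firewall-cmd --permanent --zone=%s --add-rich-rule='%s'\n" "$ZONE" "$(reject_rule)"
    printf 'firewall-cmd --reload\n'
    printf 'firewall-cmd --zone=%s --list-rich-rules\n' "$ZONE"
}

# Number of lines in the plan (two accepts, one reject, reload, listing).
plan_length() {
    plan | wc -l | tr -d ' '
}

# Dry run by default; APPLY=1 executes the plan (needs root and firewalld).
if [ "${APPLY:-0}" = 1 ]; then
    plan | sh -e
else
    plan
fi
```

Run it once without APPLY to review the generated commands, then with APPLY=1 as root. The final `--list-rich-rules` shows the rules in their evaluation order, which is the quickest way to confirm that the accepts precede the reject.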
Alternatively, edit the zone's XML file directly under /etc/firewalld/zones (for example public.xml for the public zone) and add the rules there; the file is only picked up on the next firewall-cmd --reload.
Copyright © 2003-2013 www.wpsshop.cn. All rights reserved.