【firewalld】如何通过 firewalld 限制只允许特定源 IP 访问本机
放纵不基
需求：只限制源 IP——仅允许下面列出的几个源 IP 访问本机，并对这些源 IP 放行所有 TCP/UDP 端口；其余来源一律拒绝。注意：要真正做到“只允许特定源 IP”，public 区域里默认放行的 ssh 服务（以及脚本里额外开放的 22/tcp）必须一并移除，否则 22 端口对所有来源仍然是开放的。
cat set-firewalld.sh
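#!/bin/bash
# Purpose: allow ONLY the source IPs listed below to reach this host (on any
# TCP/UDP port) and reject every other source, using firewalld's public zone.
#
# Lock-out warning: the address you are administering from MUST be in the
# list before running this. The blanket ssh opening is removed from the zone
# on purpose — leaving it (or adding 22/tcp zone-wide, as the original script
# did) exposes port 22 to everyone and defeats the "only these sources" goal.
set -euo pipefail

# Sources that get unrestricted access. 127.0.0.1 is kept from the original
# list; loopback traffic is not normally matched against the public zone, so
# that entry is presumably redundant rather than harmful — confirm on your
# firewalld version.
ips=(
  127.0.0.1
  172.16.15.3
  172.16.15.4
  172.16.15.5
)

zone=public

sudo systemctl start firewalld
sudo systemctl enable firewalld

# Strip the zone-wide openings so that only the per-source rich rules remain;
# the zone's default target (reject) then applies to every other source.
# Removing a service/port that is already absent may make firewall-cmd exit
# non-zero on some versions, which would abort under 'set -e' — that single
# case is deliberately ignored.
for svc in ssh dhcpv6-client; do
  sudo firewall-cmd --permanent --zone="${zone}" --remove-service="${svc}" || true
done
sudo firewall-cmd --permanent --zone="${zone}" --remove-port=22/tcp || true

# One rich rule per source: everything from that address is accepted.
# The zone is named explicitly instead of relying on the default zone.
for ip in "${ips[@]}"; do
  sudo firewall-cmd --permanent --zone="${zone}" \
    --add-rich-rule="rule family=\"ipv4\" source address=\"${ip}\" accept"
done

sudo firewall-cmd --reload

# Verify: 'services:' and 'ports:' should now be empty and there should be
# exactly one rich rule per listed IP.
sudo firewall-cmd --zone="${zone}" --list-all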
# firewall-cmd --list-all   （注意下面输出中 services 仍包含 ssh，ports 包含 22/tcp：这意味着 22 端口对所有来源开放，并没有达到“只允许特定源 IP”的目标；需要把这两项从 public 区域移除，只保留 rich rules）
public
target: default
icmp-block-inversion: no
interfaces:
sources:
services: dhcpv6-client ssh
ports: 22/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
rule family="ipv4" source address="127.0.0.1" accept
rule family="ipv4" source address="172.16.15.3" accept
rule family="ipv4" source address="172.16.15.4" accept
rule family="ipv4" source address="172.16.15.5" accept