
【firewalld】How to use firewalld to allow only specific source i

2025-01-10  放纵不基

Requirement: restrict by source IP only, and allow every TCP and UDP port from those sources.

The rich rules below do exactly that: an `accept` with no service or port clause admits all traffic from each listed address, and everything else falls through to the `public` zone's default target, which rejects unsolicited inbound traffic. Two things to check in the `firewall-cmd --list-all` output before relying on this: `ports: 22/tcp` and the `ssh` service are open to every source, so SSH is not limited to the list. If it should be, drop the `--add-port=22/tcp` line and run `firewall-cmd --permanent --zone=public --remove-service=ssh`, but only after confirming that the address you are connecting from is in the list, otherwise the `--reload` locks you out. The rules are also `family="ipv4"` only, so IPv6 traffic is governed solely by the zone defaults. The `127.0.0.1` entry is harmless but redundant: firewalld already accepts traffic arriving on the loopback interface.

cat set-firewalld.sh

#!/bin/bash
# Allow every TCP/UDP port from the listed source addresses; everything else
# is still handled by the public zone's default target (reject).

ips="
127.0.0.1
172.16.15.3
172.16.15.4
172.16.15.5
"

# Start firewalld now and at boot.
sudo systemctl start  firewalld
sudo systemctl enable firewalld

# Opens SSH to every source, not just the listed ones.
sudo firewall-cmd --permanent --zone=public --add-port=22/tcp

# One rich rule per address. Without --zone the rule goes into the default
# zone (public here); a bare "accept" admits all traffic from that source.
for ip in ${ips}
do
    sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address='"${ip}"' accept'
done

# --permanent rules are only written to disk; reload to make them active.
sudo firewall-cmd --reload

# firewall-cmd --list-all

public
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: dhcpv6-client ssh
  ports: 22/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
        rule family="ipv4" source address="127.0.0.1" accept
        rule family="ipv4" source address="172.16.15.3" accept
        rule family="ipv4" source address="172.16.15.4" accept
        rule family="ipv4" source address="172.16.15.5" accept
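The following is an added example and not the post's own script. It keeps the same idea (one rich rule per source address accepting all traffic) but adds the pieces a practitioner wants before running this on a remote host: address validation, an anti-lockout check on the SSH session that runs the script, removal of the world-open `ssh` service and `22/tcp` port so SSH is also limited to the listed sources, and a verification of the runtime state after the reload. It assumes firewalld is installed, the default zone is `public` (override with `ZONE=`), and `sudo` works; the addresses in `ALLOWED_IPS` are constructed sample values.

```shell
#!/bin/bash
# Added example (not the original post's script). Assumes firewalld is
# installed, the zone is "public" unless ZONE is set, and sudo works.
# ALLOWED_IPS holds constructed sample addresses.
set -eu

ALLOWED_IPS="172.16.15.3 172.16.15.4 172.16.15.5"   # constructed sample allowlist
ZONE="${ZONE:-public}"

# Accept only a dotted quad with four decimal octets in 0..255.
is_ipv4() {
    local ip="$1" octet old_ifs
    case "$ip" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs="$IFS"; IFS=.
    set -- $ip
    IFS="$old_ifs"
    [ "$#" -eq 4 ] || return 1
    for octet; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Rich rule accepting all traffic (every TCP/UDP port, ICMP, ...) from one address.
rich_rule_for() {
    printf 'rule family="ipv4" source address="%s" accept' "$1"
}

# $1 is sshd's SSH_CONNECTION ("client_ip client_port server_ip server_port"),
# $2 the allowlist. Succeeds only if the client address is allowlisted.
client_is_allowed() {
    local client="${1%% *}" ip
    [ -n "$client" ] || return 1
    for ip in $2; do
        [ "$ip" = "$client" ] && return 0
    done
    return 1
}

# Write the permanent rules, close the SSH entries that are open to the
# world, then reload so the permanent configuration becomes the runtime one.
apply_allowlist() {
    local ip
    for ip in $ALLOWED_IPS; do
        is_ipv4 "$ip" || { echo "bad address in allowlist: $ip" >&2; return 1; }
        sudo firewall-cmd --permanent --zone="$ZONE" --add-rich-rule="$(rich_rule_for "$ip")"
    done
    if sudo firewall-cmd --permanent --zone="$ZONE" --query-service=ssh >/dev/null 2>&1; then
        sudo firewall-cmd --permanent --zone="$ZONE" --remove-service=ssh
    fi
    if sudo firewall-cmd --permanent --zone="$ZONE" --query-port=22/tcp >/dev/null 2>&1; then
        sudo firewall-cmd --permanent --zone="$ZONE" --remove-port=22/tcp
    fi
    sudo firewall-cmd --reload
}

main() {
    # Anti-lockout: when run over SSH, refuse unless the client is allowlisted
    # (on a local console SSH_CONNECTION is unset and the check is skipped).
    if [ -n "${SSH_CONNECTION:-}" ] && ! client_is_allowed "$SSH_CONNECTION" "$ALLOWED_IPS"; then
        echo "refusing: SSH client ${SSH_CONNECTION%% *} is not in the allowlist" >&2
        return 1
    fi
    sudo systemctl enable --now firewalld
    apply_allowlist
    # Show what is actually active after the reload (runtime, not --permanent).
    sudo firewall-cmd --zone="$ZONE" --list-rich-rules
    sudo firewall-cmd --zone="$ZONE" --list-services
}

# Only defines the functions unless invoked as:  sudo ./allowlist.sh apply
if [ "${1:-}" = "apply" ]; then
    main
fi
```

Run it as `sudo ./allowlist.sh apply` from one of the allowlisted addresses (or from the console). After the reload, `--list-rich-rules` should show one `accept` rule per address and `--list-services` should no longer contain `ssh`; a host outside the list then gets the zone's default reject for every port, including 22.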
