需要让特定 IP 之间能够相互访问,目前有两种方案。
方案一:
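# Option 1: rich rules scoped to a single source address.
# Options use ASCII double hyphens and straight quotes; the typographic
# dashes/quotes a web page may substitute are not parsed by firewall-cmd.
#
# Allow TCP ports 1000-50000 from one IPv4 source. This is a wide range:
# narrow it to the ports the peers really need wherever possible.
# --permanent only edits the stored configuration; the running firewall
# picks the change up after `sudo firewall-cmd --reload`.
sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.200.34.42" port port="1000-50000" protocol="tcp" accept'

# Remove a previously added rich rule. The rule text has to be the same as
# the one that was added; note this example names a different address and
# port range than the rule above, so it does not undo that rule.
sudo firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="203.0.113.55" port port="22-60000" protocol="tcp" accept'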
方案二:
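# Option 2: a dedicated zone that trusts the cluster peers by source address.
# Options use ASCII double hyphens; typographic dashes copied from a web
# page are not parsed by firewall-cmd.
sudo firewall-cmd --permanent --new-zone=cluster-internal

# Target ACCEPT: every packet matched to this zone is accepted, on all ports
# and protocols. Trust is decided by source address alone, so keep the
# source list as short as possible.
# NOTE(review): this presumes the network prevents spoofing of these
# addresses - confirm for the segment the hosts sit on.
sudo firewall-cmd --permanent --zone=cluster-internal --set-target=ACCEPT

# Bind each peer address to the zone.
sudo firewall-cmd --permanent --zone=cluster-internal --add-source=203.0.113.55
sudo firewall-cmd --permanent --zone=cluster-internal --add-source=203.0.113.182
sudo firewall-cmd --permanent --zone=cluster-internal --add-source=203.0.113.51

# Load the permanent configuration into the running firewall.
sudo firewall-cmd --reload

# Show the active configuration. Without --zone this prints the default
# zone only; use `--zone=cluster-internal --list-all` to check the new zone
# and its sources.
sudo firewall-cmd --list-all

# List the ports in the permanent configuration.
sudo firewall-cmd --permanent --list-ports

# List the services in the permanent configuration.
sudo firewall-cmd --permanent --list-services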