Opening a port range in the firewall on CentOS-family systems

When specific IPs need to be able to reach each other, there are currently two options.

sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.200.34.42" port port="1000-50000" protocol="tcp" accept'

sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.200.34.182" port port="1000-50000" protocol="tcp" accept'

sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.200.34.51" port port="1000-50000" protocol="tcp" accept'

sudo firewall-cmd --reload

sudo firewall-cmd --list-all

sudo firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="203.0.113.55" port port="22-60000" protocol="tcp" accept'
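A rich rule is only removed when the rule passed to --remove-rich-rule matches the one that was added (same source, port range, protocol and action), so it helps to build the add, query and remove commands from one validated template. The sketch below is an added example, not part of the original post; PEERS and PORTS copy the option 1 values above, and every function name is hypothetical.

```shell
#!/bin/sh
# Added example: prints firewall-cmd lines for review; it executes none of them.
# PEERS and PORTS copy the option 1 values; all helper names are hypothetical.
PEERS="192.200.34.42 192.200.34.182 192.200.34.51"
PORTS="1000-50000"

# Succeeds only if $1 is 1 to 5 decimal digits.
is_number() {
    case $1 in ''|*[!0-9]*|??????*) return 1 ;; esac
}

# Succeeds only for a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case $1 in *[!0-9.]*|*.*.*.*.*|*..*|.*|*.) return 1 ;; *.*.*.*) ;; *) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Succeeds only for LOW-HIGH with 1 <= LOW <= HIGH <= 65535.
valid_port_range() {
    case $1 in *-*) lo=${1%%-*}; hi=${1#*-} ;; *) return 1 ;; esac
    is_number "$lo" && is_number "$hi" || return 1
    [ "$lo" -ge 1 ] && [ "$lo" -le "$hi" ] && [ "$hi" -le 65535 ]
}

# Prints the rich rule text shared by the add, query and remove commands.
rich_rule() {
    valid_ipv4 "$1" && valid_port_range "$2" || return 1
    printf 'rule family="ipv4" source address="%s" port port="%s" protocol="tcp" accept' "$1" "$2"
}

# Prints one firewall-cmd line for ACTION (add, query or remove).
emit_cmd() {
    case $1 in add|query|remove) ;; *) return 1 ;; esac
    rule=$(rich_rule "$2" "$3") || return 1
    printf "sudo firewall-cmd --permanent --%s-rich-rule='%s'\n" "$1" "$rule"
}

# Prints the whole change set, stopping at the first rejected peer.
plan() {
    for peer in $PEERS; do
        emit_cmd add "$peer" "$PORTS" || { echo "rejected: $peer" >&2; return 1; }
    done
    echo "sudo firewall-cmd --reload"
}
plan
```

Running emit_cmd with query instead of add gives a --query-rich-rule line that can be used to confirm each rule is present in the permanent configuration.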

Option 2 (a dedicated zone with target ACCEPT, which accepts all traffic from the listed source addresses):

sudo firewall-cmd --permanent --new-zone=cluster-internal

sudo firewall-cmd --permanent --zone=cluster-internal --set-target=ACCEPT

sudo firewall-cmd --permanent --zone=cluster-internal --add-source=203.0.113.55

sudo firewall-cmd --permanent --zone=cluster-internal --add-source=203.0.113.182

sudo firewall-cmd --permanent --zone=cluster-internal --add-source=203.0.113.51

sudo firewall-cmd --reload

sudo firewall-cmd --list-all

# List the ports in the permanent rules

sudo firewall-cmd --permanent --list-ports

# List the services in the permanent rules

sudo firewall-cmd --permanent --list-services