Using firewalld to allow only a specified IP to reach sshd on port 25601

1. First, remove the ssh service that firewalld allows by default

The predefined `ssh` service opens 22/tcp, not 25601; removing it closes the default port, and the custom port is dealt with in the next two steps. Keep the session you are working from open until the final state has been tested from the allowed address. (`--list-service` below is the abbreviation firewall-cmd accepts for `--list-services`.)

[root@localhost ~]# firewall-cmd --list-service
ssh dhcpv6-client
[root@localhost ~]# firewall-cmd --remove-service=ssh --permanent
success
[root@localhost ~]# firewall-cmd --reload
success
[root@localhost ~]# firewall-cmd --list-service
dhcpv6-client

2. Add the following rich rule

[root@localhost ~]# firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.28.146.109" port protocol="tcp" port="25601" accept'
success
[root@localhost ~]# firewall-cmd --reload
success
[root@localhost ~]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: em1
  sources: 
  services: ssh dhcpv6-client
  ports: 25601/tcp 8079/tcp 7890/tcp 10050/tcp 8801/tcp
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 
        rule family="ipv4" source address="172.28.146.109" port port="25601" protocol="tcp" accept

Two things to notice in this listing. First, `ports:` still contains 25601/tcp, so the port is still open to every source and the rich rule does not restrict anything yet; that is fixed in step 3. Second, `services:` shows ssh again although step 1 removed it and `--reload` was run; if your own `--list-all` shows ssh here after the reload, the permanent removal has not taken effect and 22/tcp is still open to everyone (compare `firewall-cmd --permanent --list-all` with the runtime listing).

`source address` is the source the rule matches. It may be a single host or a network such as 172.28.146.0/24 (use the network address; 172.28.146.1/24 has host bits set). To allow several hosts or ranges, run the same command once per source; each rich rule stands on its own.

If a rule was entered wrongly, remove it and add it again. The remove command below uses the attribute order that `--list-all` prints; firewalld compares the parsed rule, so it also matches the rule that was added above with `port protocol="tcp" port="25601"`:

[root@localhost ~]# firewall-cmd --remove-rich-rule='rule family="ipv4" source address="172.28.146.109" port port="25601" protocol="tcp" accept' --permanent
success
[root@localhost ~]# firewall-cmd --reload  
success


3. Remove the earlier zone-wide opening of port 25601

Do this only after the rich rule from step 2 is in place and reloaded; otherwise there is a window in which the allowed host is locked out as well.

[root@localhost ~]# firewall-cmd --remove-port=25601/tcp --permanent
success
[root@localhost ~]# firewall-cmd --reload
success

After this, only the host 172.28.146.109 can connect to port 25601 on em1, the interface in the public zone; the other entries under `ports:` stay open to everyone as before. Confirm it with `firewall-cmd --list-all`: `ports:` must no longer contain 25601/tcp and the rich rule must be listed. Then test from the allowed address and from another address before closing the session you used to make the change. All of this assumes sshd itself is configured to listen on 25601.
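The three steps above, scripted for a whole allow-list, as an added example that is not part of the original post. It adds the checks the post leaves implicit: sources are validated (a prefix with host bits set such as 172.28.146.1/24 is refused), every allow rule is added before the zone-wide opening is removed, and the result is verified by parsing `--list-all` output. The port, zone, allow-list and the two `--list-all` captures are constructed assumptions for this example; only IPv4 sources are handled, matching the post's `family="ipv4"`.

```shell
#!/bin/sh
# Added example, not code from the original post. Scripts steps 1-3 above for
# an allow-list of sources and verifies the outcome from --list-all output.
# Assumptions (constructed for this example): sshd listens on 25601/tcp, the
# active zone is "public", IPv4 sources only, and the allow-list is made up.
set -u

SSH_PORT=25601
ZONE=public
ALLOWED_SOURCES="172.28.146.109 172.28.146.0/24"

# Dotted quad -> 32-bit integer on stdout. The body is a subshell so the IFS
# change stays local; "exit" therefore only leaves this function. Fails on a
# wrong octet count, non-digits, an octet above 255, or a leading zero
# (which sh arithmetic would read as octal).
ip4_to_int() (
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    n=0
    for o in "$@"; do
        case "$o" in ''|*[!0-9]*|0[0-9]*) exit 1 ;; esac
        [ "$o" -le 255 ] || exit 1
        n=$(( (n << 8) | o ))
    done
    echo "$n"
)

# Accept "a.b.c.d" or "a.b.c.d/len". A prefix with host bits set, such as
# 172.28.146.1/24, is rejected: the network is 172.28.146.0/24.
valid_source() {
    case "$1" in
        */*) addr=${1%%/*}; len=${1#*/} ;;
        *)   addr=$1; len=32 ;;
    esac
    case "$len" in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    n=$(ip4_to_int "$addr") || return 1
    hostbits=$(( (1 << (32 - len)) - 1 ))
    [ $(( n & hostbits )) -eq 0 ]
}

# Rich rule text in the form the post passes to --add-rich-rule.
rich_rule() {
    printf 'rule family="ipv4" source address="%s" port protocol="tcp" port="%s" accept' "$1" "$2"
}

# Steps 1-3 in the order that never locks the allowed hosts out: allow rules
# first, then the ssh service and the zone-wide port, then one reload so the
# permanent configuration becomes the runtime one.
apply_lockdown() {
    for src in $ALLOWED_SOURCES; do
        valid_source "$src" || { echo "refusing bad source: $src" >&2; return 1; }
        firewall-cmd --permanent --zone="$ZONE" --add-rich-rule="$(rich_rule "$src" "$SSH_PORT")"
    done
    if firewall-cmd --permanent --zone="$ZONE" --query-service=ssh; then
        firewall-cmd --permanent --zone="$ZONE" --remove-service=ssh
    fi
    if firewall-cmd --permanent --zone="$ZONE" --query-port="$SSH_PORT/tcp"; then
        firewall-cmd --permanent --zone="$ZONE" --remove-port="$SSH_PORT/tcp"
    fi
    firewall-cmd --reload
}

# True when the "ports:" line of a --list-all listing ($1) still opens $2/tcp
# to every source, which makes any rich rule for that port redundant.
port_world_open() {
    printf '%s\n' "$1" | grep -qE "^[[:space:]]*ports:.*[[:space:]]$2/tcp([[:space:]]|$)"
}

# True when listing $1 has an accept rich rule for source $2 and port $3
# (firewalld prints the normalised form: port port="N" protocol="tcp").
has_rich_allow() {
    printf '%s\n' "$1" | grep -F "source address=\"$2\"" | grep -F "port=\"$3\"" | grep -q accept
}

# Succeeds only when the port is closed zone-wide and every allow-listed
# source has its rich rule. Pass the output of: firewall-cmd --zone=$ZONE --list-all
verify_lockdown() {
    port_world_open "$1" "$SSH_PORT" && return 1
    for src in $ALLOWED_SOURCES; do
        has_rich_allow "$1" "$src" "$SSH_PORT" || return 1
    done
    return 0
}

# Constructed --list-all captures (not real output): the state after step 2,
# with 25601/tcp still opened zone-wide, and the intended end state.
SAMPLE_AFTER_STEP2='public (active)
  target: default
  interfaces: em1
  services: dhcpv6-client
  ports: 25601/tcp 8079/tcp
  rich rules: 
        rule family="ipv4" source address="172.28.146.109" port port="25601" protocol="tcp" accept'

SAMPLE_FINAL='public (active)
  target: default
  interfaces: em1
  services: dhcpv6-client
  ports: 8079/tcp
  rich rules: 
        rule family="ipv4" source address="172.28.146.109" port port="25601" protocol="tcp" accept
        rule family="ipv4" source address="172.28.146.0/24" port port="25601" protocol="tcp" accept'

case "${1:-}" in
    apply)  apply_lockdown ;;
    verify) verify_lockdown "$(firewall-cmd --zone="$ZONE" --list-all)" && echo "locked down" ;;
    *)      verify_lockdown "$SAMPLE_FINAL" && echo "self-check passed" ;;
esac
```

Run it as `sh lockdown.sh apply` from a session you keep open, then `sh lockdown.sh verify` and a connection test from an allowed and a non-allowed address; with no argument it only runs the self-check against the constructed listings. The verification reads the runtime listing, so a permanent change that was never reloaded shows up as a failure, which is exactly the inconsistency visible in the post's own `--list-all` output.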
