开放http/80,https/443服务
限定ssh/22服务只能从内网10.169.138.158访问
限定udp/161端口只能从内网10.169.138.158访问
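# firewalld session: http/https open to all, ssh and SNMP (161/udp) limited to
# the management host 10.169.138.158.
# --permanent only edits the saved configuration; nothing is enforced until
# `firewall-cmd --reload` runs.
# The --list-all output below is reconstructed to match the /32 source address
# used in the corrected commands.

# Step 1: web services for everyone, ssh for the management host only.
[root@localhost ~]# firewall-cmd --permanent --add-service=http
success
[root@localhost ~]# firewall-cmd --permanent --add-service=https
success
# NOTE: this opens 161/udp to every source as soon as the first reload runs.
# It is narrowed only in step 2; adding the rich rule directly (and skipping
# this command) avoids that window.
[root@localhost ~]# firewall-cmd --permanent --add-port=161/udp
success
# The zone-wide ssh service has to go: while it is listed under "services",
# ssh is accepted from any source and the rich rule below restricts nothing.
[root@localhost ~]# firewall-cmd --permanent --remove-service=ssh
success
# /32 matches the single host 10.169.138.158. A /24 mask here would admit the
# whole 10.169.138.0/24 subnet, which is wider than the stated requirement.
# Single quotes on the outside keep the inner double quotes intact.
[root@localhost ~]# firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.169.138.158/32" service name="ssh" accept'
success
# After this reload, new ssh connections from any other address are refused;
# check the management host address first.
[root@localhost ~]# firewall-cmd --reload
success
[root@localhost ~]# firewall-cmd --list-all
public (default)
  interfaces:
  sources:
  services: dhcpv6-client http https
  ports: 161/udp
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:
    rule family="ipv4" source address="10.169.138.158/32" service name="ssh" accept
[root@localhost ~]#

# Step 2: replace the open 161/udp port with a source-restricted rich rule.
# NOTE(review): destination 10.46.128.24/24 matches every address in
# 10.46.128.0/24; tighten it to /32 if 10.46.128.24 is this server's own
# address (confirm before changing).
[root@localhost ~]# firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.169.138.158/32" destination address="10.46.128.24/24" port port="161" protocol="udp" accept'
success
# The protocol must be spelled udp so that it matches the 161/udp entry added
# in step 1; otherwise the open port stays in place.
[root@localhost ~]# firewall-cmd --permanent --remove-port=161/udp
success
[root@localhost ~]# firewall-cmd --reload
success
# Verify: "ports:" is empty, ssh is absent from "services:", and both rich
# rules carry the single-host source address.
[root@localhost ~]# firewall-cmd --list-all
public (default)
  interfaces:
  sources:
  services: dhcpv6-client http https
  ports:
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:
    rule family="ipv4" source address="10.169.138.158/32" service name="ssh" accept
    rule family="ipv4" source address="10.169.138.158/32" destination address="10.46.128.24/24" port port="161" protocol="udp" accept
[root@localhost ~]#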