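# Restrict inbound SSH (tcp/22) to the addresses in a firewalld ipset.
# Run as root. Keep a console or an existing session open while applying
# this: once the general ssh service is removed, only sources listed in
# the ipset can open new connections to port 22.

systemctl enable firewalld  # start firewalld at boot
systemctl start firewalld

# An ipset can only be created in the permanent configuration; it reaches
# the runtime configuration at the next --reload.
firewall-cmd --permanent --new-ipset=permit_22_input --type=hash:ip
firewall-cmd --permanent --ipset="permit_22_input" --add-entry="192.168.1.2"

# The set does not exist at runtime yet, so inspect the permanent copy.
firewall-cmd --permanent --info-ipset=permit_22_input

# Accept tcp/22 only from members of the ipset. No --zone is given, so the
# rule lands in the default zone.
ssh_rule='rule family="ipv4" source ipset="permit_22_input" port port="22" protocol="tcp" accept'
firewall-cmd --permanent --add-rich-rule="$ssh_rule"
firewall-cmd --reload

# Drop the blanket ssh service from the public zone only after the allow
# rule is confirmed active at runtime; removing it first, or after a failed
# step above, would block every new SSH connection.
# This replaces hand-editing /etc/firewalld/zones/public.xml (the original
# command used the relative path etc/..., which only resolves from /).
# NOTE(review): assumes "public" is the default zone - confirm with
# firewall-cmd --get-default-zone.
if firewall-cmd --query-rich-rule="$ssh_rule"; then
  firewall-cmd --permanent --zone=public --remove-service=ssh
  firewall-cmd --reload
else
  echo "ipset allow rule for port 22 is not active; ssh service left in place" >&2
fi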