add.sh
[root@ecs-3287 ~]# cat add.sh
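#!/bin/bash
# Opens TCP ports 8000, 8081 and 8082 in firewalld for the address of the
# current SSH client, then reloads firewalld so the permanent rules take
# effect.
#
# SSH_CLIENT is set by sshd as "<client ip> <client port> <server port>".
# When this script runs through sudo with SSH_CLIENT listed in env_keep, the
# value comes from the invoking user's environment and is untrusted input to
# a root process. It is therefore validated as exactly one dotted-quad IPv4
# host address before it is placed in a rule. Validation constrains the
# format only; it cannot prove the address is the caller's real source.

# The first whitespace-separated field of SSH_CLIENT is the client address.
read -r ip _ <<<"${SSH_CLIENT:-}"

# Reject anything that is not a plain IPv4 host address: no CIDR suffix
# (which could widen the rule to a whole network), no quotes, no rule text.
if [[ ! "${ip}" =~ ^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$ ]]; then
  printf 'add.sh: SSH_CLIENT does not start with an IPv4 address\n' >&2
  exit 1
fi
for octet in "${BASH_REMATCH[@]:1}"; do
  # 10# forces base 10 so an octet with a leading zero is not read as octal.
  if ((10#${octet} > 255)); then
    printf 'add.sh: SSH_CLIENT does not start with an IPv4 address\n' >&2
    exit 1
  fi
done

printf '%s\n' "${ip}"

# One rich rule per port; the inner quotes are escaped so the whole rule is
# passed to firewall-cmd as a single, fully quoted argument.
for port in 8000 8081 8082; do
  firewall-cmd --permanent \
    --add-rich-rule="rule family=\"ipv4\" source address=\"${ip}\" port protocol=\"tcp\" port=\"${port}\" accept"
done
firewall-cmd --reload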
initFireWalld.sh:可设置为每日 0 点执行,用于恢复原有的防火墙配置
[root@localhost ~]# cat initFireWalld.sh
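#!/bin/bash
# Restores the saved public-zone definition over the live one and reloads
# firewalld, discarding permanent rules written to the zone file since the
# backup was taken.

backup=/etc/firewalld/zones/public.xml.backup
target=/etc/firewalld/zones/public.xml

# Without a usable backup the copy cannot restore anything, and a bare reload
# would silently leave the temporary allow rules in place. Fail loudly so the
# scheduler's mail or log shows that the reset did not happen.
if [[ ! -s "${backup}" ]]; then
  printf 'initFireWalld.sh: backup %s is missing or empty\n' "${backup}" >&2
  exit 1
fi

# Reload only after the zone file has actually been restored.
cp -f -- "${backup}" "${target}" || exit 1
firewall-cmd --reload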
visudo
# Run commands with a reset environment; only the variables named in
# env_keep are carried over from the invoking user.
Defaults env_reset
Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS"
Defaults env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
Defaults env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
Defaults env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
# Passes the invoking user's SSH_CLIENT through sudo so add.sh can read it.
# NOTE(review): the value is whatever the caller's environment holds at the
# time of the sudo call, so add.sh has to validate it before using it in a
# firewall rule.
Defaults env_keep += "SSH_CLIENT" # added
...
...
...
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
# NOTE(review): no argument list is given, so this entry permits firewall-cmd
# with any arguments as root, which makes the restriction to add.sh moot.
# Confirm it is needed; the add.sh entry alone covers the use case shown here.
# The host field is "localhost", so the entry applies only where sudo matches
# the machine's host name against that value. Verify on the target host.
username localhost=/usr/bin/firewall-cmd
# NOTE(review): the script sits under the user's home directory. If username
# can modify or replace the file or its parent directory, this entry runs
# user-controlled code as root. Confirm the script and directory are
# root-owned and not writable by the user, or move it to a root-owned path.
username localhost=/home/username/add.sh
最后,以普通用户身份执行 sudo /home/username/add.sh 即可。