放行端口:80、8080、8889(降)、8888(本地网络服务器)、9999(网络查)
# Open the listed TCP ports in the public zone. --permanent writes only the
# stored configuration, so nothing changes on the running firewall until the
# reload step. These entries carry no source restriction: the ipset allowlist
# defined later on this page does not apply to them.
for port in 80 8080 8888 8889 9999; do
  firewall-cmd --zone=public --add-port="${port}/tcp" --permanent
done
重载firewalld
# Load the permanent configuration into the running firewall; the --permanent
# port entries above are not enforced until this runs.
firewall-cmd --reload
查看配置状态
# Print the active configuration to confirm the ports were added. Without
# --zone this lists the default zone; add --zone=public if the default zone
# is not public, since the ports above were added to public explicitly.
firewall-cmd --list-all
创建白名单
# Create the ipset definition in firewalld's ipsets directory. The XML that
# follows on this page is the content to save as es_white_list.xml.
cd /etc/firewalld/ipsets
vi es_white_list.xml
<?xml version="1.0" encoding="utf-8"?>
<!-- firewalld takes the ipset name from the file name: es_white_list.xml gives
     es_white_list, the name the rich rules on this page reference. <short> is
     only a descriptive label. Entries in a hash:net set may be single
     addresses, as here, or CIDR networks. -->
<ipset type="hash:net">
<short>white-list</short>
<entry>192.168.1.101</entry>
<entry>192.168.1.102</entry>
<entry>192.168.1.103</entry>
<entry>192.168.1.104</entry>
<entry>192.168.1.105</entry>
<entry>192.168.1.106</entry>
<entry>192.168.1.107</entry>
<entry>192.168.1.108</entry>
<entry>192.168.1.109</entry>
<entry>192.168.1.110</entry>
<entry>192.168.1.111</entry>
<entry>192.168.1.112</entry>
<entry>192.168.1.113</entry>
<entry>192.168.1.114</entry>
<entry>192.168.1.115</entry>
<entry>192.168.1.116</entry>
</ipset>
添加富规则:对白名单(es_white_list)中的来源放行 9200、9300 端口
# Accept TCP 9200 and 9300 from sources in the es_white_list ipset.
# No --zone is given, so the rules are stored in the default zone, whereas the
# port commands earlier name --zone=public explicitly; confirm that both refer
# to the same zone.
# The allowlist limits access only while 9200/9300 are not also opened by an
# --add-port or service entry in that zone.
for port in 9200 9300; do
  firewall-cmd --permanent --add-rich-rule "rule family=\"ipv4\" source ipset=\"es_white_list\" port port=${port} protocol=tcp accept"
done
重载firewalld
# Reload so the es_white_list ipset file and the permanent rich rules are
# loaded into the running firewall.
firewall-cmd --reload
查看配置状态
# Confirm that the two rich rules appear in the zone output. Without --zone
# this shows the default zone. To check that the allowlist entries were
# loaded, firewall-cmd --info-ipset=es_white_list lists them.
firewall-cmd --list-all