# vi /etc/firewalld/zones/public.xml
<?xml version="1.0" encoding="utf-8"?>
<!-- firewalld definition of the "public" zone, as opened from /etc/firewalld/zones/public.xml. -->
<zone>
  <short>Public</short>
  <description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
  <!-- Services accepted in this zone. No source restriction is set on them here,
       so they are accepted from any source whose traffic lands in this zone. -->
  <service name="ssh"/>
  <service name="dhcpv6-client"/>
  <!-- TCP ports opened explicitly (conventionally HTTP and HTTPS), also without a source restriction. -->
  <port protocol="tcp" port="80"/>
  <port protocol="tcp" port="443"/>
</zone>
# systemctl reload firewalld //重新加载配置
# firewall-cmd --zone=public --list-ports //查看
80/tcp 443/tcp
# vi /etc/firewalld/zones/public.xml
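<?xml version="1.0" encoding="utf-8"?>
<!-- Same "public" zone file, annotated for the step that stops accepting SSH from every source. -->
<zone>
  <short>Public</short>
  <description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
  <!-- Delete the ssh service line below. If the ssh port is not 22, this step can be skipped.
       The annotation is an XML comment so the listing stays a well-formed zone file;
       as trailing text after the element it would become character data inside the zone.
       Keep a console or an already open session available until the per-address rule
       has been added and loaded: once ssh is removed, only that rule admits SSH, and a
       wrong source address in it blocks remote administration. -->
  <service name="ssh"/>
  <service name="dhcpv6-client"/>
  <port protocol="tcp" port="80"/>
  <port protocol="tcp" port="443"/>
</zone>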
//对指定IP开放ssh的端口
# firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.29.182" port protocol="tcp" port="22" accept"
# firewall-cmd --reload