firewalld
- 取消默认开启的、没有访问限制的 ssh 服务,使 ssh 在默认情况下拒绝连接;随后用 rich rule 只放行 192.168.1.0/24 网段对 22/tcp 的访问。
# Restrict SSH to one trusted subnet instead of allowing it from anywhere.
# No --zone is given on the first two commands, so they act on the default zone.
# NOTE(review): the listing below queries "public" - confirm that public is the default zone.

# Drop the blanket "ssh" service from the permanent configuration.
firewall-cmd --permanent --remove-service=ssh
# Allow 22/tcp only from 192.168.1.0/24. The rule is IPv4-only (family="ipv4"),
# so no IPv6 source is allowed to reach SSH by this rule.
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.0/24" port protocol="tcp" port="22" accept'
# --permanent changes are not live until the reload. After it, new SSH connections
# from outside the subnet are refused, so keep console access available if you
# manage the host remotely from another network.
firewall-cmd --reload
# Verify: print the rich rules now active in the public zone.
firewall-cmd --zone=public --list-rich-rules
# Stand-alone examples for opening and closing ports and services. They are not
# meant to run as one sequence: the first two lines add and then remove the same port.

# Open 3306/tcp (the conventional MySQL/MariaDB port) in the default zone.
# This form accepts any source address; for a database port, a rich rule with a
# "source address" restriction is the safer choice.
firewall-cmd --permanent --add-port=3306/tcp
# Close 3306/tcp again.
firewall-cmd --permanent --remove-port=3306/tcp
# Stop allowing the predefined "http" service in the default zone.
firewall-cmd --permanent --remove-service=http
# Reject all IPv4 traffic from the single host 192.168.1.100.
# NOTE(review): firewalld evaluates reject/drop rich rules before accept rules in
# a zone, so this should also override an accept rule covering 192.168.1.0/24 - confirm.
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='192.168.1.100' reject"
# Open the whole range 100-500 for TCP and UDP in the public zone, from any source.
# The range is wide and includes many well-known service ports; in production,
# open only the individual ports that are actually needed.
firewall-cmd --permanent --zone=public --add-port=100-500/tcp
firewall-cmd --permanent --zone=public --add-port=100-500/udp
# Apply the permanent configuration to the running firewall.
firewall-cmd --reload
# Reset firewalld to its shipped defaults. This is destructive.

# Delete every locally customised zone file. firewalld then falls back to the
# stock zone definitions under /usr/lib/firewalld/zones, which discards all
# permanent zone changes, including any SSH source restriction. The stock public
# zone normally allows the ssh service again, so back up the directory first.
rm -rf /etc/firewalld/zones
# Restart the daemon so it reloads its configuration without the deleted zone files.
systemctl restart firewalld
# Delete the permanent direct-rules file. It is removed after the restart above,
# so direct rules already loaded stay active until the next reload or restart.
rm -f /etc/firewalld/direct.xml