1、查看当前所有规则
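# Show what the public zone currently allows (runtime configuration).
# Without --permanent these commands report only the running rules, so rules
# added with --permanent do not appear here until after a reload.
firewall-cmd --zone=public --list-rich-rules
firewall-cmd --zone=public --list-ports
# Rich rules and ports are not the whole picture: services enabled in the zone
# (ssh, for example, if it is enabled) also admit traffic from any source.
# --list-all prints services, ports and rich rules together.
firewall-cmd --zone=public --list-all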
2、开启白名单
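# Allow a single address or a whole subnet.
# --zone=public is given explicitly so the rule lands in the zone that the
# list commands on this page inspect; without --zone firewalld writes to the
# default zone, which is not necessarily "public".
# NOTE: "accept" with only a source address admits every port and protocol
# from that source. It does not block anyone else: whatever the zone already
# allows (services, open ports) stays reachable from all addresses.
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.111.1" accept'
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.111.0/24" accept'
# Open a port.
# NOTE: --add-port opens the port to every source address, not only to the
# addresses allowed above. To limit a port to the allowlisted range, use a
# rich rule that combines source and port instead, for example:
#   firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.111.0/24" port port="22" protocol="tcp" accept'
firewall-cmd --permanent --zone=public --add-port=22/tcp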
3、删除已有规则
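# Remove the address/subnet allow rules.
# Pass the same rule that was added, and name the zone explicitly so the
# removal targets the zone that the listing commands inspect rather than
# whatever the default zone happens to be.
firewall-cmd --permanent --zone=public --remove-rich-rule='rule family="ipv4" source address="192.168.111.1" accept'
firewall-cmd --permanent --zone=public --remove-rich-rule='rule family="ipv4" source address="192.168.111.0/24" accept'
# Close a port. 3306/tcp is an example value; substitute the port that is
# actually open (see --list-ports).
# With --permanent the removal is not enforced until the firewall is reloaded.
# Before removing the rule or port your own management session depends on,
# make sure another allowed path exists, or the reload will cut you off.
firewall-cmd --permanent --zone=public --remove-port=3306/tcp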
4、规则修改后重载
# Load the permanent configuration into the running firewall. Changes made
# with --permanent are not enforced until this runs; runtime-only changes
# (made without --permanent) are discarded by the reload.
# List the zone's rules again afterwards to confirm the result is as intended.
firewall-cmd --reload