centos7 firewalld配置常用规则

限制ssh服务只允许某个ip

### 允许某个ip(调整前，务必添加定时任务`29 17 * * * systemctl stop firewalld`)
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.10.1/32" port protocol="tcp" port="22" accept"

### 重载查看是否生效
firewall-cmd --reload

### 移除ssh service
mv /usr/lib/firewalld/services/ssh.xml /tmp/

> firewall-cmd --list-all
public
target: default
icmp-block-inversion: no
interfaces: 
sources: 
services: dhcpv6-client
ports: 80/tcp 8011/tcp 8012/tcp
protocols: 
masquerade: no
forward-ports: 
source-ports: 
icmp-blocks: 
rich rules: 
  rule family="ipv4" source address="192.168.10.1/32" port port="22" protocol="tcp" accept

添加80端口

firewall-cmd --zone=public --add-port=80/tcp --permanent