限制ssh服务只允许某个ip
### 允许某个ip(调整前,务必添加定时任务`29 17 * * * systemctl stop firewalld`) firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.10.1/32" port protocol="tcp" port="22" accept" ### 重载查看是否生效 firewall-cmd --reload ### 移除ssh service mv /usr/lib/firewalld/services/ssh.xml /tmp/ > firewall-cmd --list-all public target: default icmp-block-inversion: no interfaces: sources: services: dhcpv6-client ports: 80/tcp 8011/tcp 8012/tcp protocols: masquerade: no forward-ports: source-ports: icmp-blocks: rich rules: rule family="ipv4" source address="192.168.10.1/32" port port="22" protocol="tcp" accept
添加80端口
firewall-cmd --zone=public --add-port=80/tcp --permanent