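# Restrict inbound TCP port 80 to source addresses held in a firewalld ipset.
# Every change below is made with --permanent, so it only takes effect after
# the final `firewall-cmd --reload`.

# Check that firewalld is running.
systemctl status firewalld

# Show all rules currently in effect (record this output so the change can be
# compared or rolled back later).
firewall-cmd --list-all

# Remove the unconditional port-80 opening, so that only the ipset-scoped rich
# rule added below admits traffic to that port.
# NOTE(review): this is the only command that names a zone; the others act on
# the default zone. Confirm the default zone is "public".
firewall-cmd --zone=public --remove-port=80/tcp --permanent

# Remove the ssh service from the zone.
# CAUTION: once reloaded, SSH is no longer allowed by this zone. If the host is
# administered over SSH, make sure another rule still permits it (or keep
# out-of-band console access) before running the reload at the end.
firewall-cmd --remove-service=ssh --permanent

# Create the ipset that will hold the allowed source networks.
firewall-cmd --permanent --new-ipset=china_ip --type=hash:net

# Import the addresses.
# List source: https://github.com/gaoyifan/china-operator-ip/blob/ip-lists/china.txt
# (that URL is the GitHub web view; save the raw list contents locally as
# china_ip_list.txt). The list is third-party data: review it before importing
# and refresh it periodically, since stale entries silently change who is
# allowed.
# Entry format: 0.0.0.0 or 0.0.0.0/32
firewall-cmd --permanent --ipset=china_ip --add-entries-from-file=china_ip_list.txt

# Allow TCP port 80 only from sources in the ipset.
# The rule is family="ipv4" only, so no IPv6 source is admitted by it. A
# source-address allowlist is a coarse filter, not authentication.
firewall-cmd --permanent --add-rich-rule 'rule family="ipv4" source ipset="china_ip" port port=80 protocol=tcp accept'

# Reload to activate the permanent configuration.
firewall-cmd --reload

# After the reload, re-run `firewall-cmd --list-all` to verify the result.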