# firewalld: Allowing multiple IPs to access a specific port

## Adding access rules for multiple IPs

### Method 1: Add a rich rule for each IP separately
```bash
# Add a separate rule for each IP
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.100" port protocol="tcp" port="2375" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.101" port protocol="tcp" port="2375" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.0.0.50" port protocol="tcp" port="2375" accept'
```


### Method 2: Use an IP set (recommended)
```bash
# Create the IP set
firewall-cmd --permanent --new-ipset=trusted_ips --type=hash:ip
firewall-cmd --permanent --ipset=trusted_ips --add-entry=192.168.1.100
firewall-cmd --permanent --ipset=trusted_ips --add-entry=192.168.1.101
firewall-cmd --permanent --ipset=trusted_ips --add-entry=10.0.0.50

# Add a rule based on the IP set
firewall-cmd --permanent --add-rich-rule='rule source ipset="trusted_ips" port protocol="tcp" port="2375" accept'
```


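## Verification and management

### View rich rules
```bash
# Shows the runtime configuration; rules added with --permanent appear only after `firewall-cmd --reload`
firewall-cmd --list-rich-rules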
```


### View IP sets
```bash
# List the names of all IP sets, then the entries of trusted_ips
firewall-cmd --get-ipsets
firewall-cmd --ipset=trusted_ips --get-entries
```


### Reload the configuration
```bash
firewall-cmd --reload
```
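
The rich rules above only add `accept` entries for the listed sources; if port 2375 is also present in the zone's own port list, it stays reachable from every source and the allowlist has no effect. The following check is an added example, not part of the original page: the function names are hypothetical and the sample port list is constructed.

```bash
#!/bin/sh
# Added example: detect a port that is meant to be limited by per-IP rich
# rules but is ALSO open zone-wide. The input is the text printed by
# `firewall-cmd --list-ports`, e.g. "22/tcp 2000-3000/tcp".

# port_open_zone_wide PORT PROTO PORTS_LIST
# Prints the matching entry and returns 0 if PORT/PROTO is covered by any
# entry (single port or range) in PORTS_LIST; returns 1 otherwise.
port_open_zone_wide() {
    want_port=$1
    want_proto=$2
    for entry in $3; do
        range=${entry%/*}
        proto=${entry#*/}
        [ "$proto" = "$want_proto" ] || continue
        case $range in
            *-*) lo=${range%-*}; hi=${range#*-} ;;
            *)   lo=$range; hi=$range ;;
        esac
        if [ "$want_port" -ge "$lo" ] && [ "$want_port" -le "$hi" ]; then
            printf '%s\n' "$entry"
            return 0
        fi
    done
    return 1
}

# audit_allowlist PORT PROTO PORTS_LIST
# Prints a verdict line; returns 1 when the allowlist is being bypassed.
audit_allowlist() {
    if hit=$(port_open_zone_wide "$1" "$2" "$3"); then
        printf 'WARN: %s/%s is open to all sources via "%s"\n' "$1" "$2" "$hit"
        return 1
    fi
    printf 'OK: %s/%s is not in the zone port list\n' "$1" "$2"
}

# Constructed sample; on a real host use: ports=$(firewall-cmd --list-ports)
sample_ports="22/tcp 2000-3000/tcp 53/udp"
audit_allowlist 2375 tcp "$sample_ports" || true
```

If the check warns, remove the zone-wide entry with `firewall-cmd --permanent --remove-port=...` using the entry it printed, then reload.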


## Deleting rules

### Delete a single-IP rule
```bash
firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="192.168.1.100" port protocol="tcp" port="2375" accept'
```


### Delete the IP set rule
```bash
firewall-cmd --permanent --remove-rich-rule='rule source ipset="trusted_ips" port protocol="tcp" port="2375" accept'
firewall-cmd --permanent --delete-ipset=trusted_ips
```

 


白眉大叔
