需求
由于一些安全因素，我们只允许特定IP访问SSH远程22端口，或者一些特殊业务只允许特殊IP进行访问。

实现
1、防火墙状态查看

systemctl status firewalld
2、防火墙开启

systemctl start firewalld.service
3、开机启动防火墙

systemctl enable firewalld.service
4、添加规则（IP白名单方式,只允许白名单列表中的IP访问指定端口）

注：可指定IP网段

firewall-cmd –permanent –add-rich-rule=”rule family=”ipv4″ source address=”10.xx.xx.1/24″ port protocol=”tcp” port=”2801″ accept”
firewall-cmd –permanent –add-rich-rule=”rule family=”ipv4″ source address=”10.xx.xx.1/24″ port protocol=”tcp” port=”2801″ accept”

5、添加规则（开启指定端口,允许其他IP访问指定端口）
firewall-cmd –permanent –add-port=9990/tcp
firewall-cmd –permanent –add-port=9991/tcp
firewall-cmd –permanent –add-port=9992/tcp
firewall-cmd –permanent –add-port=9993/tcp
firewall-cmd –permanent –add-port=8123/tcp
firewall-cmd –permanent –add-port=5432/tcp
firewall-cmd –permanent –add-port=3651/tcp
firewall-cmd –permanent –add-port=5652/tcp

6、reload使生效或重启防火墙
1）reload使生效 firewall-cmd –reload
2）重启防火墙 systemctl restart firewalld.service

7、查看当前防火墙规则列表
firewall-cmd –zone=public –list-rich-rules