#!/bin/bash
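# Allow a list of source IPv4 addresses to reach one TCP port through firewalld.
#
# Usage: <script> PORT IP_FILE NAME
#   PORT     TCP port (or "low-high" range) to open
#   IP_FILE  text file with one address per line
#   NAME     prefix for the ipset; the ipset is called NAME_PORT
#
# Steps: create the permanent ipset NAME_PORT, add every line of IP_FILE to it,
# add a permanent rich rule accepting TCP traffic to PORT from that ipset,
# reload firewalld, then print the ipsets and the entries for review.
#
# Every line of IP_FILE ends up on an allowlist, so the file should be writable
# only by the administrators who maintain it, and the printed entries should be
# checked after each run.
if (( $# != 3 )); then
  printf 'Usage: %s PORT IP_FILE NAME\n' "${0##*/}" >&2
  exit 2
fi

v_port=$1
v_ip_txt=$2
v_name=$3

# PORT and NAME are interpolated into the ipset name and the rich rule text,
# so restrict them to characters that cannot alter the rule's structure.
if [[ ! "$v_port" =~ ^[0-9]+(-[0-9]+)?$ ]]; then
  printf 'invalid port: %s\n' "$v_port" >&2
  exit 2
fi
if [[ ! "$v_name" =~ ^[A-Za-z0-9_.-]+$ ]]; then
  printf 'invalid ipset name prefix: %s\n' "$v_name" >&2
  exit 2
fi
if [[ ! -r "$v_ip_txt" ]]; then
  printf 'cannot read IP list: %s\n' "$v_ip_txt" >&2
  exit 1
fi

v_ipset_name="${v_name}_${v_port}"

# Create the ipset under the computed name. The original created a fixed
# "nc_22" set here, so entries for any other NAME/PORT had no set to go into.
# Creation fails when the set already exists; that is reported, not fatal,
# so the script can be re-run to add more addresses.
if ! firewall-cmd --permanent "--new-ipset=${v_ipset_name}" --type=hash:ip; then
  printf 'could not create ipset %s (it may already exist); continuing\n' \
    "$v_ipset_name" >&2
fi

# `|| [[ -n "$ip" ]]` keeps a final line that lacks a trailing newline.
while read -r ip || [[ -n "$ip" ]]; do
  ip=${ip%$'\r'} # tolerate CRLF line endings
  [[ -n "$ip" ]] || continue
  # The rule below is family ipv4, so accept only IPv4-style entries
  # (address, CIDR or range). Anything else is reported and skipped instead
  # of being handed to firewall-cmd.
  if [[ ! "$ip" =~ ^[0-9][0-9./-]*$ ]]; then
    printf 'skipping invalid entry: %s\n' "$ip" >&2
    continue
  fi
  # Build the command as an array so each entry is exactly one argument and
  # is never word-split or glob-expanded.
  v_cmd=(firewall-cmd --permanent "--ipset=${v_ipset_name}" "--add-entry=${ip}")
  printf '%s\n' "${v_cmd[*]}"
  "${v_cmd[@]}" || printf 'failed to add entry: %s\n' "$ip" >&2
done < "$v_ip_txt"

v_rule="rule family=\"ipv4\" source ipset=\"${v_ipset_name}\" port port=\"${v_port}\" protocol=\"tcp\" accept"
firewall-cmd --permanent --add-rich-rule "${v_rule}"

# --reload loads the permanent configuration into the running firewall;
# runtime-only changes made earlier are dropped by it.
firewall-cmd --reload

# Print the result so the operator can verify what is now allowed.
firewall-cmd --get-ipsets
firewall-cmd "--ipset=${v_ipset_name}" --get-entries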
命令行方式(手动执行等效命令):
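# Manual equivalent for ipset "nc_22" and TCP port 22.
# 1. Create the permanent ipset and add the allowed source address.
firewall-cmd --permanent --new-ipset=nc_22 --type=hash:ip
firewall-cmd --permanent --ipset=nc_22 --add-entry=192.168.200.108
# 2. Add the permanent rich rule that accepts TCP/22 only from that ipset.
#    Single quotes keep the inner double quotes intact for firewalld.
firewall-cmd --permanent --add-rich-rule 'rule family="ipv4" source ipset="nc_22" port port="22" protocol="tcp" accept'
# 3. Reload last: --permanent changes are not active until a reload, so
#    reloading before the rich rule is added would leave the rule inactive.
firewall-cmd --reload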
之后如需向该规则使用的 ipset 中添加新的 IP,只需执行以下命令(将 IP 替换为实际地址):
# Add one more entry to the permanent "nc_22" ipset. "IP" appears to be a
# placeholder for the address to allow; replace it before running.
firewall-cmd --permanent --ipset=nc_22 --add-entry=IP
# Reload so the permanent change is loaded into the running firewall.
firewall-cmd --reload