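# Restrict TCP 443 and 80 on this host to the WAF, so that clients cannot
# bypass the WAF by connecting to the origin server directly.
#
# Why the reject rules carry "source NOT address": at equal priority firewalld
# evaluates a zone's reject/drop rich rules before its accept rich rules and
# before its services. A reject rule without a source therefore also rejects
# the WAF, whatever the accept rule says. Excluding the WAF from the reject
# keeps the allowlist effective.
#
# NOTE(review): this form fits a single WAF address or CIDR. With several WAF
# sources each reject rule would block the other sources; match an ipset as
# the source instead, or remove the http/https services from the zone, keep
# only the accept rules and let the zone's default target refuse the rest.
# NOTE(review): every rule here is family="ipv4". If http/https stay enabled
# as zone services and the host is reachable over IPv6, IPv6 clients still
# reach 80/443 directly; add matching ipv6 rules or remove those services.

# WAF source address (IPv4 address or CIDR). Abort rather than install a rule
# with an empty source.
: "${WAF_ADDR:?set WAF_ADDR to the WAF source address}"

for port in 443 80; do
  # Allow the WAF to reach the port.
  firewall-cmd --permanent --add-rich-rule="rule family=\"ipv4\" source address=\"${WAF_ADDR}\" port protocol=\"tcp\" port=\"${port}\" accept"
  # Reject every other IPv4 source on the port.
  firewall-cmd --permanent --add-rich-rule="rule family=\"ipv4\" source NOT address=\"${WAF_ADDR}\" port protocol=\"tcp\" port=\"${port}\" reject"
done

# --permanent only changes the stored configuration; reload so the rules take
# effect in the running firewall. Afterwards confirm from the WAF and from a
# non-WAF host that the first is accepted and the second is refused.
firewall-cmd --reload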
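查询防火墙信息(注意:下面的输出中 services 仍包含 http 和 https,且富规则只覆盖 ipv4;同一优先级下 firewalld 先处理 reject 规则,再处理 accept 规则和 services,因此不带源地址的 reject 规则也会拒绝 WAF 的访问,应分别从 WAF 和非 WAF 主机实际测试确认):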
[root@149 ~]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens33
sources:
services: dhcpv6-client http https ssh
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
rule family="ipv4" source address="x.x.x.x" port port="443" protocol="tcp" accept
rule family="ipv4" port port="443" protocol="tcp" reject
rule family="ipv4" source address="x.x.x.x" port port="80" protocol="tcp" accept
rule family="ipv4" port port="80" protocol="tcp" reject