View current firewall rules
firewall-cmd --list-all (view all rules)
Open/close a port so that all IPs can/cannot access it
open
firewall-cmd --add-port=2375/tcp --permanent
firewall-cmd --reload
close
firewall-cmd --remove-port=2375/tcp --permanent
firewall-cmd --reload
Allow a port on the host to be accessed only from a specified IP (for example, the Docker service can be accessed only from a specified IP of your own)
add
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="81.70.240.72" port protocol="tcp" port="2375" accept'
firewall-cmd --reload
This specifies that the current host allows only 81.70.240.72 to access port 2375. Only that IP can see the port and operate the Docker service; other IPs cannot and will not pass.
delete
firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="81.70.240.72" port protocol="tcp" port="2375" accept'
firewall-cmd --reload
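A check to run after the steps above, as an added example that is not part of the original page: it reads the output of firewall-cmd --list-all and reports whether a TCP port is open to every source, limited to rich-rule source addresses, or closed. A port left in the zone's "ports:" list stays reachable from all IPs even when a rich rule names one address. The function name port_exposure and both sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example. Classifies how a TCP port is exposed, reading the text of
# `firewall-cmd --list-all` on stdin. port_exposure is a hypothetical helper name.
# Prints: open-to-all | restricted:<ip,ip,...> | closed
# Scope: single ports in the listed zone; port ranges and services are not parsed.
port_exposure() {
    awk -v p="$1" '
        # "ports:" line: anything listed here is reachable from every source
        /^[ \t]*ports:/ {
            for (i = 2; i <= NF; i++) if ($i == p "/tcp") open = 1
        }
        # rich rules that accept this port over TCP
        /^[ \t]*rule / && / accept/ && index($0, "port=\"" p "\"") && index($0, "protocol=\"tcp\"") {
            if (match($0, /source address="[^"]*"/)) {
                list = list (list ? "," : "") substr($0, RSTART + 16, RLENGTH - 17)
            } else {
                open = 1    # accept rule without a source restriction
            }
        }
        END {
            if (open) print "open-to-all"
            else if (list) print "restricted:" list
            else print "closed"
        }'
}

# Constructed sample: the rich rule is present, but 2375/tcp was also left in "ports:".
SAMPLE_LEFTOVER='public (active)
  services: ssh
  ports: 2375/tcp
  rich rules:
    rule family="ipv4" source address="81.70.240.72" port port="2375" protocol="tcp" accept'

# Constructed sample: only the rich rule remains.
SAMPLE_RESTRICTED='public (active)
  services: ssh
  ports:
  rich rules:
    rule family="ipv4" source address="81.70.240.72" port port="2375" protocol="tcp" accept'

printf '%s\n' "$SAMPLE_LEFTOVER"   | port_exposure 2375   # open-to-all
printf '%s\n' "$SAMPLE_RESTRICTED" | port_exposure 2375   # restricted:81.70.240.72
# Live use: firewall-cmd --list-all | port_exposure 2375
```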