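# Start the firewall service.
systemctl start firewalld
# Show the rich rules currently active (runtime configuration) in the public zone.
firewall-cmd --zone=public --list-rich-rules
# Remove the old rule. This removes only the exact rule given here; any other
# rich rule shown by the listing above needs its own --remove-rich-rule call.
# NOTE(review): no --zone is given, so the permanent change applies to the
# default zone, while the listing above queries "public" - confirm they match.
firewall-cmd --permanent --remove-rich-rule 'rule family="ipv4" source address="100.122.0.0/24" port port="1-65535" protocol="tcp" accept'
# Add the new rule: every host whose address starts with 100.122 may reach TCP
# ports 1-65535. /16 fixes the first two octets (100 and 122); the last two
# octets range over 0-255.0-255.
# The rule is wrapped in single quotes so the inner double quotes reach
# firewalld intact; nesting double quotes inside double quotes lets the shell
# strip them before firewall-cmd sees the rule.
# This opens every TCP port to 65,536 source addresses (the old rule covered
# 256). Where only some services must be reachable, list those ports instead
# of 1-65535.
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="100.122.0.0/16" port protocol="tcp" port="1-65535" accept'
# Reload so the permanent configuration becomes the running configuration.
firewall-cmd --reload
# Confirm that the old /24 rule is gone and the /16 rule is loaded.
firewall-cmd --zone=public --list-rich-rules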