Linux为指定ip开放/关闭端口

cat /var/log/secure | awk '/Failed password/{print $(NF-3), $1,$2}' | sort | uniq -c | sort -nr

firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address=95.19.175.62 port port=22 protocol=tcp drop"

firewall-cmd --reload

# ！/bin/bash
# author:zxf
# drop ip from port 22
if [ $1 ];
then
        drop_ip=$1
        firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='${drop_ip}' port port=22 protocol=tcp drop"
        firewall-cmd --reload
fi
echo "This is list rich rules"
firewall-cmd --zone=public --list-rich-rules

sh dropIP22.sh 189.140.134.170

#!/bin/bash
# author:zxf
# for test convenient, accept 2 parames, first is ip, second is "add" or "remove"
port1=3306
port2=80
port3=7890
port4=9200
port5=8000

if [ $1 ];
then
        ip=$1;
        strategy=$2;
        firewall-cmd --permanent --$strategy-rich-rule="rule family='ipv4' source address=$ip port port=$port1 protocol=tcp accept "
        firewall-cmd --permanent --$strategy-rich-rule="rule family='ipv4' source address=$ip port port=$port2 protocol=tcp accept "
        firewall-cmd --permanent --$strategy-rich-rule="rule family='ipv4' source address=$ip port port=$port3 protocol=tcp accept "
        firewall-cmd --permanent --$strategy-rich-rule="rule family='ipv4' source address=$ip port port=$port4 protocol=tcp accept "
        firewall-cmd --permanent --$strategy-rich-rule="rule family='ipv4' source address=$ip port port=$port5 protocol=tcp accept "
        firewall-cmd --reload
fi
echo "Rich rules below:"
firewall-cmd --list-all