设置防火墙安全策略规则：允许指定ip访问服务器指定端口

#!/bin/bash
setip=(`mysql -ueisc -p'eisc.cn' -e "show databases;use eisc_;select status,address from setip" | grep setip | awk -F" " '{print $2}'`); 
echo "查询数据库：来自web提交申请访问服务器的所有IP：" ${setip[*]}


for i in ${setip[*]}
do
catip=$(cat /etc/firewalld/zones/public.xml | grep $i | wc -l)
if [ $catip -lt 1 ]; then
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="$i" port protocol="tcp" port="22" accept  "
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="$i" port protocol="tcp" port="21" accept  "
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="$i" port protocol="tcp" port="80" accept "
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="$i" port protocol="tcp" port="443" accept "
# 允许ip访问指定端口
#echo "AllowUsers root@$i" >> /etc/ssh/sshd_config
echo "added successfully $i"
else
echo "IP: $i add repeatedly "
fi
done
firewall-cmd --reload