!!! 先启动 firewalld.service 再启动 docker.service
已经启动 docker.service 的，启动 firewalld.service 后需重启 docker.service；firewalld 启动或执行 `firewall-cmd --reload` 时会重建 iptables 规则，Docker 自己写入的规则通常随之丢失，所以下面各脚本末尾的 --reload 执行完之后同样要重启 docker.service。
Master: 不限制网段
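#!/bin/sh
# firewalld rules for a Kubernetes master, variant WITHOUT a source-subnet
# restriction: every port below is reachable from any address that can route
# to this host. That includes the API server (6443) and the 2370-2390 /
# 10200-10300 ranges, which cover the default etcd (2379/2380) and kubelet
# (10250) ports. Prefer the subnet-restricted variant unless the host sits
# on an isolated network.
#
# Run as root. The script stops at the first failing firewall-cmd so a
# half-applied permanent config is never reloaded into the live firewall
# (ALREADY_ENABLED / ZONE_ALREADY_SET are only warnings, so re-running the
# script is still safe).
set -eu

# --- ports open to any source ----------------------------------------------
firewall-cmd --permanent --add-port=30000-32767/tcp   # NodePort service range
firewall-cmd --permanent --add-port=65535/tcp         # purpose not documented on this page - confirm it is still needed
firewall-cmd --permanent --add-port=8472/udp          # VXLAN overlay (flannel's default port)
firewall-cmd --permanent --add-port=68/udp            # DHCP client replies
firewall-cmd --permanent --add-port=8118/tcp
firewall-cmd --permanent --add-port=6443/tcp          # Kubernetes API server, reachable from anywhere in this variant
firewall-cmd --permanent --add-port=10200-10300/tcp   # covers kubelet (10250) and neighbouring control-plane ports
firewall-cmd --permanent --add-port=2370-2390/tcp     # covers etcd client/peer ports (2379/2380)
firewall-cmd --permanent --add-port=323/udp           # chrony
firewall-cmd --permanent --add-port=443/tcp           # HTTPS
firewall-cmd --permanent --add-port=4443/tcp
firewall-cmd --permanent --add-port=25/tcp            # SMTP, open to any source - confirm this host really accepts inbound mail
firewall-cmd --permanent --add-port=53/udp            # DNS; 53/tcp is not opened, so TCP fallback for large answers is blocked
firewall-cmd --permanent --add-port=80/tcp            # HTTP
# NOTE(review): 9100 and 9090 are opened as UDP. If they are meant for
# node_exporter / Prometheus those listen on TCP and these two rules open
# nothing useful - confirm the intended protocol before relying on them.
firewall-cmd --permanent --add-port=9100/udp
firewall-cmd --permanent --add-port=9090/udp

# --- container / pod bridges -----------------------------------------------
# Binding the bridges to the "trusted" zone accepts ALL traffic arriving from
# containers and pods on this host (input and forwarding), not just the ports
# listed above.
firewall-cmd --permanent --zone=trusted --change-interface=docker0
firewall-cmd --permanent --zone=trusted --change-interface=cni0

# Activate the permanent config. --reload rebuilds the iptables rules, which
# also drops the chains Docker inserted; restart docker.service afterwards.
firewall-cmd --reload
# Shows the default zone only; check the bridge bindings with
# `firewall-cmd --zone=trusted --list-all`.
firewall-cmd --list-all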
Master: 限制网段
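#!/bin/sh
# firewalld rules for a Kubernetes master, variant restricted to a trusted
# subnet: the control-plane ports (API server, etcd and kubelet ranges, DNS,
# NTP, VXLAN) accept traffic only from $SUBNET; only the NodePort range,
# 80, 8118, 65535 and DHCP stay open to any source.
#
# Run as root. SUBNET may be overridden from the environment; the default
# keeps the address range used on this page.
#
# The script stops at the first failing firewall-cmd so a half-applied
# permanent config is never reloaded into the live firewall
# (ALREADY_ENABLED / ZONE_ALREADY_SET are only warnings, so re-running is safe).
set -eu

SUBNET="${SUBNET:-192.168.40.0/24}"

# Print a rich rule accepting $1 (tcp|udp) traffic on port $2 (a single port
# or an a-b range) from $SUBNET.
#
# firewalld's rich-rule grammar is whitespace-separated key="value" tokens,
# so the rule must be quoted as one shell word with spaces between the
# tokens. The original page wrapped a double-quoted rule in double quotes;
# the shell collapsed that into the run-on word
# `rule family=ipv4source address=...port protocol=tcpport=25accept`,
# which firewalld rejects (family "ipv4source" is not valid), so none of
# the subnet-restricted rules were actually installed.
rich_accept_rule() {
  printf 'rule family="ipv4" source address="%s" port port="%s" protocol="%s" accept\n' \
    "$SUBNET" "$2" "$1"
}

# --- ports open to any source ----------------------------------------------
firewall-cmd --permanent --add-port=30000-32767/tcp   # NodePort service range
firewall-cmd --permanent --add-port=65535/tcp         # purpose not documented on this page - confirm it is still needed
firewall-cmd --permanent --add-port=68/udp            # DHCP client replies
firewall-cmd --permanent --add-port=8118/tcp
firewall-cmd --permanent --add-port=80/tcp            # HTTP

# --- container / pod bridges -----------------------------------------------
# "trusted" accepts ALL traffic arriving from containers and pods on this
# host (input and forwarding), not just the ports listed here.
firewall-cmd --permanent --zone=trusted --change-interface=docker0
firewall-cmd --permanent --zone=trusted --change-interface=cni0

# --- ports reachable only from $SUBNET ---------------------------------------
firewall-cmd --permanent --add-rich-rule="$(rich_accept_rule tcp 25)"           # SMTP
firewall-cmd --permanent --add-rich-rule="$(rich_accept_rule tcp 6443)"         # Kubernetes API server
firewall-cmd --permanent --add-rich-rule="$(rich_accept_rule tcp 2370-2390)"    # covers etcd client/peer ports (2379/2380)
firewall-cmd --permanent --add-rich-rule="$(rich_accept_rule tcp 10240-10260)"  # covers kubelet (10250)
# Clean-up of two UDP rules this script never adds. Kept from the original
# page so a rule left behind by an earlier run is still removed; guarded so a
# missing rule can never abort the script (NOT_ENABLED is only a warning,
# the guard is belt and braces).
firewall-cmd --permanent --remove-rich-rule="$(rich_accept_rule udp 4443)" || true
firewall-cmd --permanent --remove-rich-rule="$(rich_accept_rule udp 443)" || true
firewall-cmd --permanent --add-rich-rule="$(rich_accept_rule udp 53)"           # DNS (UDP only; 53/tcp is not opened)
firewall-cmd --permanent --add-rich-rule="$(rich_accept_rule udp 8472)"         # VXLAN overlay (flannel's default port)
firewall-cmd --permanent --add-rich-rule="$(rich_accept_rule udp 323)"          # chrony
firewall-cmd --permanent --add-rich-rule="$(rich_accept_rule udp 123)"          # NTP

# Activate the permanent config. --reload rebuilds the iptables rules, which
# also drops the chains Docker inserted; restart docker.service afterwards.
firewall-cmd --reload
# Shows the default zone (where the rich rules live); check the bridge
# bindings with `firewall-cmd --zone=trusted --list-all`.
firewall-cmd --list-all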
Nodes: 限制网段
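#!/bin/sh
# firewalld rules for a Kubernetes worker node, variant restricted to a
# trusted subnet: SMTP, the etcd and kubelet port ranges, DNS, NTP and the
# VXLAN overlay accept traffic only from $SUBNET; only the NodePort range,
# 80, 8118, 65535 and DHCP stay open to any source.
#
# Run as root. SUBNET may be overridden from the environment; the default
# keeps the address range used on this page.
#
# The script stops at the first failing firewall-cmd so a half-applied
# permanent config is never reloaded into the live firewall
# (ALREADY_ENABLED / ZONE_ALREADY_SET are only warnings, so re-running is safe).
set -eu

SUBNET="${SUBNET:-192.168.40.0/24}"

# Print a rich rule accepting $1 (tcp|udp) traffic on port $2 (a single port
# or an a-b range) from $SUBNET.
#
# firewalld's rich-rule grammar is whitespace-separated key="value" tokens,
# so the rule must be quoted as one shell word with spaces between the
# tokens. The original page wrapped a double-quoted rule in double quotes;
# the shell collapsed that into the run-on word
# `rule family=ipv4source address=...port protocol=tcpport=25accept`,
# which firewalld rejects (family "ipv4source" is not valid), so none of
# the subnet-restricted rules were actually installed.
rich_accept_rule() {
  printf 'rule family="ipv4" source address="%s" port port="%s" protocol="%s" accept\n' \
    "$SUBNET" "$2" "$1"
}

# --- ports open to any source ----------------------------------------------
firewall-cmd --permanent --add-port=30000-32767/tcp   # NodePort service range
firewall-cmd --permanent --add-port=65535/tcp         # purpose not documented on this page - confirm it is still needed
firewall-cmd --permanent --add-port=68/udp            # DHCP client replies
firewall-cmd --permanent --add-port=8118/tcp
firewall-cmd --permanent --add-port=80/tcp            # HTTP

# --- container / pod bridges -----------------------------------------------
# The original node script omitted --zone=trusted here, which binds the
# bridges to the default zone instead of "trusted" as the master scripts do;
# in the default zone pod traffic would be subject to the port list above and
# forwarding between cni0 and the overlay would not be accepted. Assumed to
# be a copy error and aligned with the master scripts - confirm. Note that
# "trusted" accepts ALL traffic arriving from containers and pods on this
# host, not just the ports listed here.
firewall-cmd --permanent --zone=trusted --change-interface=docker0
firewall-cmd --permanent --zone=trusted --change-interface=cni0

# --- ports reachable only from $SUBNET ---------------------------------------
firewall-cmd --permanent --add-rich-rule="$(rich_accept_rule tcp 25)"           # SMTP
firewall-cmd --permanent --add-rich-rule="$(rich_accept_rule tcp 2370-2390)"    # covers etcd client/peer ports (2379/2380)
firewall-cmd --permanent --add-rich-rule="$(rich_accept_rule tcp 10240-10260)"  # covers kubelet (10250)
# Clean-up of two UDP rules this script never adds. Kept from the original
# page so a rule left behind by an earlier run is still removed; guarded so a
# missing rule can never abort the script (NOT_ENABLED is only a warning,
# the guard is belt and braces).
firewall-cmd --permanent --remove-rich-rule="$(rich_accept_rule udp 4443)" || true
firewall-cmd --permanent --remove-rich-rule="$(rich_accept_rule udp 443)" || true
firewall-cmd --permanent --add-rich-rule="$(rich_accept_rule udp 53)"           # DNS (UDP only; 53/tcp is not opened)
firewall-cmd --permanent --add-rich-rule="$(rich_accept_rule udp 8472)"         # VXLAN overlay (flannel's default port)
firewall-cmd --permanent --add-rich-rule="$(rich_accept_rule udp 323)"          # chrony
firewall-cmd --permanent --add-rich-rule="$(rich_accept_rule udp 123)"          # NTP

# Activate the permanent config. --reload rebuilds the iptables rules, which
# also drops the chains Docker inserted; restart docker.service afterwards.
firewall-cmd --reload
# Shows the default zone (where the rich rules live); check the bridge
# bindings with `firewall-cmd --zone=trusted --list-all`.
firewall-cmd --list-all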