opendocker.sh

#!/bin/bash

ADDR=$1

echo $ADDR

firewall-cmd --permanent --zone=drop --add-rich-rule="
  rule family='ipv4'
  source address=${ADDR}
  port protocol='tcp' port='2377' accept"
  
firewall-cmd --permanent --zone=drop --add-rich-rule="
  rule family='ipv4'
  source address=${ADDR}
  port protocol='tcp' port='7946' accept"
  
firewall-cmd --permanent --zone=drop --add-rich-rule="
  rule family='ipv4'
  source address=${ADDR}
  port protocol='udp' port='7946' accept"
  
firewall-cmd --permanent --zone=drop --add-rich-rule="
  rule family='ipv4'
  source address=${ADDR}
  port protocol='udp' port='4789' accept"

opendocker2.sh

#!/bin/bash

ADDR=$1

echo $ADDR

iptables -I INPUT -p tcp -s $ADDR --dport 2377 -j ACCEPT
iptables -I INPUT -p tcp -s $ADDR --dport 7946 -j ACCEPT
iptables -I INPUT -p udp -s $ADDR --dport 7946 -j ACCEPT
iptables -I INPUT -p udp -s $ADDR --dport 4789 -j ACCEPT

firewall-cmd --zone=drop --add-service=ssh --permanent
firewall-cmd --zone=drop --change-interface=eth0
firewall-cmd --set-default-zone=drop
firewall-cmd --reload

firewall-cmd --list-all | grep 'rule fam' | xargs -L 1 -I{} -- firewall-cmd --permanent --zone=drop --remove-rich-rule='{}'