Linux network basics: configuring selinux/iptables/firewall

Posted firsttry



This post is about the security-related settings on Linux. On CentOS 7, selinux, iptables and firewalld are all on by default. Production safety weighs more than Mount Tai, but the rules are tedious to configure and get in the way while you are learning: in particular, when picking up a new tool or practising network programming, burning a lot of time only to discover in the end that the cause was the system firewall or an iptables rule is a genuine waste of life. So if you are not very familiar with networking, the suggestion is to turn off these three old standbys right at the start and be done with it.

firewall

Check the status

[root@host32 ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Sun 2016-08-07 11:10:44 EDT; 6min ago
 Main PID: 9767 (firewalld)
   Memory: 21.7M
   CGroup: /system.slice/firewalld.service
           └─9767 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

Aug 07 11:10:33 host32 systemd[1]: Starting firewalld - dynamic firewall daemon...
Aug 07 11:10:44 host32 systemd[1]: Started firewalld - dynamic firewall daemon.
[root@host32 ~]#

Stop the firewall

[root@host32 ~]# systemctl stop firewalld
[root@host32 ~]#

Disable start at boot

[root@host32 ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.
[root@host32 ~]#

iptables

Check the status

[root@host32 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[root@host32 ~]#

Flush all rules

[root@host32 ~]# iptables -F
[root@host32 ~]#
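After working through the firewalld and iptables sections, a practitioner usually wants a single check that says what is still on. The following is an added example, not code from the original post: small POSIX-sh helpers that read the captured output of the three status commands used on this page and report the state of each protection. One detail worth knowing when reading the `iptables -L` listing: `iptables -F` removes the rules but leaves each chain's default policy untouched, so a chain whose policy is DROP stays closed after the flush. That is why the helper reports the policy separately from the rule count. The sample outputs at the bottom are constructed for an offline run; on a real host you would pass `"$(systemctl status firewalld)"`, `"$(iptables -L)"` and `"$(sestatus)"` instead.

```shell
#!/bin/sh
# Added example, not from the original post. Each function takes the captured
# command output as its single argument, e.g.
#   firewalld_state "$(systemctl status firewalld)"

# Prints "active" if the systemd "Active:" line reports a running unit, else "inactive".
firewalld_state() {
    case "$1" in
        *"Active: active (running)"*) echo active ;;
        *) echo inactive ;;
    esac
}

# Prints the default policy (ACCEPT, DROP, ...) of one chain in an `iptables -L` listing.
# $1 = listing, $2 = chain name (INPUT, FORWARD or OUTPUT)
iptables_chain_policy() {
    printf '%s\n' "$1" | sed -n "s/^Chain $2 (policy \([A-Z]*\)).*/\1/p"
}

# Prints how many rule lines the listing contains (everything that is not a
# chain header, a column header or blank). 0 means `iptables -F` left nothing.
iptables_rule_count() {
    printf '%s\n' "$1" | awk 'NF && !/^Chain / && !/^target / {n++} END {print n+0}'
}

# Prints the SELinux mode: "disabled" when the status line says so, otherwise
# the value of "Current mode:" (enforcing or permissive).
selinux_mode() {
    if printf '%s\n' "$1" | grep -q '^SELinux status: *disabled'; then
        echo disabled
    else
        printf '%s\n' "$1" | sed -n 's/^Current mode: *//p'
    fi
}

# One-line summary of all three, in the order the post uses.
# $1 = systemctl output, $2 = iptables -L output, $3 = sestatus output
summarize() {
    printf 'firewalld=%s iptables_rules=%s input_policy=%s selinux=%s\n' \
        "$(firewalld_state "$1")" \
        "$(iptables_rule_count "$2")" \
        "$(iptables_chain_policy "$2" INPUT)" \
        "$(selinux_mode "$3")"
}

# --- constructed sample outputs (shapes copied from the transcripts above) ---
SAMPLE_SYSTEMCTL='● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Sun 2016-08-07 11:10:44 EDT; 6min ago'

# Flushed rules but an INPUT policy of DROP: the host is still closed.
SAMPLE_IPTABLES_DROP='Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination'

# The empty listing shown in the post after `iptables -F`.
SAMPLE_IPTABLES_EMPTY='Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination'

SAMPLE_SESTATUS='SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing'

summarize "$SAMPLE_SYSTEMCTL" "$SAMPLE_IPTABLES_DROP" "$SAMPLE_SESTATUS"
# prints: firewalld=active iptables_rules=1 input_policy=DROP selinux=enforcing
```

The functions only parse text, so they run unprivileged and can be fed saved output from another machine; `summarize` is the one to call after the steps on this page to confirm nothing was left half-done.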

Selinux

Check the status

[root@host32 ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28
[root@host32 ~]#

Disable SELinux

Configuration file: /etc/selinux/config

Setting: change SELINUX=enforcing to SELINUX=disabled in the config file.

[root@host32 selinux]# cat /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted


[root@host32 selinux]#

Reboot the machine
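The edit described above is a one-line change, but it is made to a file that is only read at boot, so a typo is not noticed until the reboot. Below is an added example, not code from the original post: a POSIX-sh helper that performs the SELINUX= change and a reader that verifies the result before you reboot. The demo works on a constructed copy of the config file in a temp file rather than on /etc/selinux/config. A caveat a practitioner would want here: SELINUX=permissive removes the interference just as well for learning purposes, while still logging denials to the audit log, and unlike disabled it does not trigger the full filesystem relabel that happens when SELinux is later switched back on.

```shell
#!/bin/sh
# Added example, not from the original post.

# Prints the SELINUX= value from a config file; comment lines are ignored.
selinux_config_mode() {
    sed -n 's/^SELINUX=\([a-z]*\).*/\1/p' "$1"
}

# Rewrites the SELINUX= line of the file in $1 to the mode in $2.
# Only the three values the file itself documents are accepted; anything else
# is refused, because a misspelt value is only discovered at the next boot.
set_selinux_config_mode() {
    case "$2" in
        enforcing|permissive|disabled) ;;
        *) echo "unsupported SELINUX mode: $2" >&2; return 1 ;;
    esac
    tmp=$(mktemp) || return 1
    # Edit only the uncommented assignment; the explanatory comments stay intact.
    # Writing back with cat keeps the original file's inode, permissions and
    # SELinux label instead of replacing the file.
    sed "s/^SELINUX=.*/SELINUX=$2/" "$1" > "$tmp" && cat "$tmp" > "$1"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# --- demo on a constructed copy of the file shown above ---
DEMO_CFG=$(mktemp)
cat > "$DEMO_CFG" <<'EOF'
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
SELINUXTYPE=targeted
EOF

echo "before: $(selinux_config_mode "$DEMO_CFG")"
set_selinux_config_mode "$DEMO_CFG" disabled
echo "after:  $(selinux_config_mode "$DEMO_CFG")"
rm -f "$DEMO_CFG"
```

On a real host the call is `set_selinux_config_mode /etc/selinux/config disabled` as root, followed by `selinux_config_mode /etc/selinux/config` to confirm the value before the reboot.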
