Linux Network Basics: selinux/iptable/firewall Settings
Posted firsttry
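These are the security-related settings on Linux. On CentOS 7, selinux/iptable/firewall are all enabled by default. Safety in production matters above everything else, but the rules are tedious to configure and get in the way while learning. When you are learning a new tool or practising network programming and, after spending a lot of time, finally discover that the problem came from the system firewall or the iptable rules, the experience is a real waste of life. So for anyone not yet familiar with networking, the suggestion is to turn these three off right at the start and be done with it.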
firewall
Check status
[root@host32 ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since Sun 2016-08-07 11:10:44 EDT; 6min ago
Main PID: 9767 (firewalld)
Memory: 21.7M
CGroup: /system.slice/firewalld.service
└─9767 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
Aug 07 11:10:33 host32 systemd[1]: Starting firewalld - dynamic firewall daemon...
Aug 07 11:10:44 host32 systemd[1]: Started firewalld - dynamic firewall daemon.
[root@host32 ~]#
Stop the firewall
[root@host32 ~]# systemctl stop firewalld
[root@host32 ~]#
Disable start at boot
[root@host32 ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.
[root@host32 ~]#
iptables
Check status
[root@host32 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@host32 ~]#
Flush all rules
[root@host32 ~]# iptables -F
[root@host32 ~]#
Selinux
Check status
[root@host32 ~]# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 28
[root@host32 ~]#
Disable selinux
Configuration file: /etc/selinux/config
Setting: in config, change SELINUX=enforcing to SELINUX=disabled
[root@host32 selinux]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
[root@host32 selinux]#
Reboot the machine
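The config-file edit and the reboot are two separate steps, so it helps to compare the SELINUX= value in /etc/selinux/config with the mode sestatus reports for the running kernel. The script below is an added example, not part of the original post: the function names are hypothetical, and the two sample inputs are constructed (the config with SELINUX= already edited, and an abridged copy of the sestatus output shown earlier).

```shell
#!/bin/sh
# Added example: compare the SELinux mode configured for next boot with the running mode.

# Constructed sample: /etc/selinux/config after the edit described above.
SAMPLE_CONFIG='# This file controls the state of SELinux on the system.
SELINUX=disabled
SELINUXTYPE=targeted'

# Constructed sample: sestatus output before the reboot (abridged from the post).
SAMPLE_SESTATUS='SELinux status:                 enabled
Current mode:                   enforcing'

# Value of the active SELINUX= line; comment lines and SELINUXTYPE= do not match.
config_mode() {
    printf '%s\n' "$1" |
        sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([a-z]*\).*/\1/p' | tail -n 1
}

# Running mode from sestatus text: "disabled", or the "Current mode" value.
running_mode() {
    status=$(printf '%s\n' "$1" | sed -n 's/^SELinux status:[[:space:]]*//p')
    if [ "$status" = "disabled" ]; then
        echo disabled
    else
        printf '%s\n' "$1" | sed -n 's/^Current mode:[[:space:]]*//p'
    fi
}

# Say whether the running mode already matches what the config file requests.
selinux_state() {
    cfg=$(config_mode "$1")
    run=$(running_mode "$2")
    if [ -z "$cfg" ] || [ -z "$run" ]; then
        echo "unknown"
    elif [ "$cfg" = "$run" ]; then
        echo "in-effect: $run"
    else
        echo "mismatch: running=$run next-boot=$cfg"
    fi
}

selinux_state "$SAMPLE_CONFIG" "$SAMPLE_SESTATUS"
```

On a live host, pass "$(cat /etc/selinux/config)" and "$(sestatus)" as the two arguments instead of the samples.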