iptables（防火墙）和selinux详情

1）检查防火墙的状态

centos7中防火墙服务名称为firewalld，不再是iptables

[root@localhost ~]# systemctl status firewalld 
firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
   Active: active (running) since 一 2017-12-11 13:48:25 CST; 3 days ago         //如果显示running代表防火墙当前正在运行
 Main PID: 721 (firewalld)
   CGroup: /system.slice/firewalld.service
           └─721 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

12月 11 13:48:25 localhost.localdomain systemd[1]: Starting firewalld - dynamic firewall daemon...
12月 11 13:48:25 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.
Hint: Some lines were ellipsized, use -l to show in full.

2）如果想运行某些服务，需要设置防火墙，默认大多数服务请求不允许传入防火墙
3）如果某些服务配置防火墙较为繁琐，那么我们可以禁用它

[root@localhost ~]# systemctl stop firewalld                   //停止当前服务
[root@localhost ~]# systemctl disable firewalld                //取消防火墙服务的开机自启动
rm '/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service'              
rm '/etc/systemd/system/basic.target.wants/firewalld.service'
[root@localhost ~]# systemctl status firewalld                 
firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled)
   Active: inactive (dead)                                      //已经停止（不活跃的）

12月 11 13:48:25 localhost.localdomain systemd[1]: Starting firewalld - dynamic firewall daemon...
12月 11 13:48:25 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.
12月 14 23:10:14 localhost.localdomain systemd[1]: Stopping firewalld - dynamic firewall daemon...
12月 14 23:10:15 localhost.localdomain systemd[1]: Stopped firewalld - dynamic firewall daemon.
Hint: Some lines were ellipsized, use -l to show in full.

1）显示selinux的安全类型
一共分为一下三种

1.enforceing                        //强制开启
2.disabled                          //强制关闭
3.permissive                        //记录报警信息，不会阻拦

[root@localhost ~]# getenforce             //查看当前安全类型
Disabled

2）如果因为某些原因（例如服务去只在本地安全的网络上运行）而不需要开启 则可以向一下方式禁用它

[root@localhost ~]# vim /etc/selinux/config                        //config文件
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled                                                    //关闭
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted
[root@localhost ~]# reboot