iptables (firewall) and SELinux in detail
程序员文章站
2022-06-23 11:58:10
I. iptables
1) Check the firewall status
In CentOS 7 the firewall service is named firewalld, no longer iptables.
[root@localhost ~]# systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
   Active: active (running) since 一 2017-12-11 13:48:25 CST; 3 days ago    # "running" means the firewall is currently running
 Main PID: 721 (firewalld)
   CGroup: /system.slice/firewalld.service
           └─721 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
12月 11 13:48:25 localhost.localdomain systemd[1]: Starting firewalld - dynamic firewall daemon...
12月 11 13:48:25 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.
Hint: Some lines were ellipsized, use -l to show in full.
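2) To run certain services you need to configure the firewall; by default the firewall does not let most incoming service requests through.
3) If configuring the firewall for certain services is too cumbersome, we can disable it.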
[root@localhost ~]# systemctl stop firewalld    # stop the running service
[root@localhost ~]# systemctl disable firewalld    # do not start the firewall service at boot
rm '/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service'
rm '/etc/systemd/system/basic.target.wants/firewalld.service'
[root@localhost ~]# systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled)
   Active: inactive (dead)    # already stopped (inactive)
12月 11 13:48:25 localhost.localdomain systemd[1]: Starting firewalld - dynamic firewall daemon...
12月 11 13:48:25 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.
12月 14 23:10:14 localhost.localdomain systemd[1]: Stopping firewalld - dynamic firewall daemon...
12月 14 23:10:15 localhost.localdomain systemd[1]: Stopped firewalld - dynamic firewall daemon.
Hint: Some lines were ellipsized, use -l to show in full.
II. SELinux
1) Show the SELinux security type (mode)
There are three in total:
1. enforcing: forced on
2. disabled: forced off
3. permissive: logs warnings, does not block
[root@localhost ~]# getenforce    # show the current security type
Disabled
2) If for some reason (for example, the server only runs on a secure local network) you do not need it enabled, you can disable it as follows:
[root@localhost ~]# vim /etc/selinux/config    # the config file
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled    # off (annotation, not part of the file)
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted
[root@localhost ~]# reboot
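The mode set in /etc/selinux/config is applied at boot, so between the edit and the reboot the file and getenforce can disagree. The shell functions below are an added example, not part of the original article, that read the configured mode and compare it with the running one; the names selinux_cfg_value and selinux_drift and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: functions and sample data are constructed for illustration.

# Print the lower-cased value of KEY from a SELinux-style config file.
# Comment lines never match; text after the first word of the value
# (for example a trailing annotation) is dropped. The last assignment wins.
selinux_cfg_value() (
    key=$1; file=$2; val=
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line#"${line%%[![:space:]]*}"}    # trim leading whitespace
        case $line in
            "$key="*) val=${line#*=} ;;
        esac
    done < "$file"
    val=${val%%[[:space:]#/]*}                   # keep the first word only
    [ -n "$val" ] && printf '%s\n' "$val" | tr 'A-Z' 'a-z'
)

# Compare the mode in FILE with the running mode (what getenforce prints).
# Exit status: 0 = same, 1 = different, 2 = FILE has no SELINUX= line.
selinux_drift() (
    file=${1:-/etc/selinux/config}
    running=$(printf '%s' "${2:-$(getenforce 2>/dev/null)}" | tr 'A-Z' 'a-z')
    configured=$(selinux_cfg_value SELINUX "$file") || {
        echo "no SELINUX= line in $file"; exit 2; }
    if [ "$configured" = "${running:-unknown}" ]; then
        echo "in sync: $configured"
    else
        echo "drift: running=${running:-unknown} config=$configured (file applies at next boot)"
        exit 1
    fi
)

# Constructed sample: the file after the edit shown above, on a host that has
# not been rebooted yet and therefore still reports Enforcing.
sample=$(mktemp)
printf '%s\n' '# SELINUX= can take one of these three values:' \
    'SELINUX=disabled' 'SELINUXTYPE=targeted' > "$sample"
selinux_drift "$sample" Enforcing || true
rm -f "$sample"
```

Called with no arguments, selinux_drift reads /etc/selinux/config and runs getenforce itself.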