iptables (firewall) and SELinux in detail

Programmer Article Station, 2022-03-23 09:37:30
I. iptables

1) Check the firewall status

On CentOS 7 the firewall service is named firewalld; it is no longer iptables.

[root@localhost ~]# systemctl status firewalld 
firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
   Active: active (running) since 一 2017-12-11 13:48:25 CST; 3 days ago         // "running" here means the firewall is currently active
 Main PID: 721 (firewalld)
   CGroup: /system.slice/firewalld.service
           └─721 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

12月 11 13:48:25 localhost.localdomain systemd[1]: Starting firewalld - dynamic firewall daemon...
12月 11 13:48:25 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.
Hint: Some lines were ellipsized, use -l to show in full.

2) To expose a service you need to configure the firewall: by default most inbound service requests are not allowed through it.
3) If configuring the firewall for a given service is too cumbersome, the firewall can be disabled.

[root@localhost ~]# systemctl stop firewalld                   // stop the running service
[root@localhost ~]# systemctl disable firewalld                // stop the firewall service from starting at boot
rm '/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service'              
rm '/etc/systemd/system/basic.target.wants/firewalld.service'
[root@localhost ~]# systemctl status firewalld                 
firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled)
   Active: inactive (dead)                                      // already stopped (inactive)

12月 11 13:48:25 localhost.localdomain systemd[1]: Starting firewalld - dynamic firewall daemon...
12月 11 13:48:25 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.
12月 14 23:10:14 localhost.localdomain systemd[1]: Stopping firewalld - dynamic firewall daemon...
12月 14 23:10:15 localhost.localdomain systemd[1]: Stopped firewalld - dynamic firewall daemon.
Hint: Some lines were ellipsized, use -l to show in full.
II. SELinux

1) Show the SELinux mode
There are three modes in total:

1.enforcing                         // policy is enforced
2.disabled                          // SELinux is turned off
3.permissive                        // violations are logged but not blocked
[root@localhost ~]# getenforce             // show the current mode
Disabled

2) If for some reason SELinux is not needed (for example the service only runs on a local, trusted network), it can be disabled as follows:

[root@localhost ~]# vim /etc/selinux/config                        // the config file
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled                                                    // disabled
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted
[root@localhost ~]# reboot
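The two settings changed above (the persistent SELinux mode in /etc/selinux/config and the firewalld unit state) are also the two a host audit should report. The following is an added example, not code from the original post: it parses a constructed copy of the config file format shown above and the `Active:` line of `systemctl status` output, and assumes only a POSIX sh with grep, sed and mktemp.

```shell
#!/bin/sh
# Audit helpers for the settings toggled in the post. Added example, not from the post.

# Print the effective value of KEY=VALUE in an /etc/selinux/config-style file,
# skipping commented-out lines; the last assignment wins.
selinux_setting() {
    key="$1"; file="$2"
    grep -E "^[[:space:]]*${key}=" "$file" | tail -n 1 \
        | sed -e "s/^[[:space:]]*${key}=//" -e 's/[[:space:]]*$//'
}

# Return 0 when the persistent mode is enforcing or permissive, 1 when it is
# disabled or missing (the state the post's edit leaves the host in).
selinux_config_ok() {
    mode="$(selinux_setting SELINUX "$1")"
    case "$mode" in
        enforcing|permissive) return 0 ;;
        *) return 1 ;;
    esac
}

# Given the text of `systemctl status firewalld`, return 0 if the unit is running.
firewalld_running() {
    printf '%s\n' "$1" | grep -qE '^[[:space:]]*Active: active \(running\)'
}

# Constructed sample in the same format as /etc/selinux/config from the post.
SAMPLE_SELINUX_CONFIG="$(mktemp)"
trap 'rm -f "$SAMPLE_SELINUX_CONFIG"' EXIT
cat > "$SAMPLE_SELINUX_CONFIG" <<'EOF'
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
SELINUX=disabled
SELINUXTYPE=targeted
EOF

# Constructed sample of the status output after `systemctl stop firewalld`.
SAMPLE_STATUS='firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled)
   Active: inactive (dead)'

if selinux_config_ok "$SAMPLE_SELINUX_CONFIG"; then echo "SELinux config: ok"
else echo "SELinux config: disabled (mode=$(selinux_setting SELINUX "$SAMPLE_SELINUX_CONFIG"))"; fi
if firewalld_running "$SAMPLE_STATUS"; then echo "firewalld: running"
else echo "firewalld: not running"; fi
```

Point the functions at the real /etc/selinux/config and at `systemctl status firewalld` output to run the same check on a live host.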