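Note: the firewall must be turned off before setting up the service (otherwise the service will be unreachable).
1. firewalld firewall
Check the firewalld status: systemctl status firewalld
Stop the firewalld firewall: systemctl stop firewalld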
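2. SELinux firewall
Overview:
SELinux (Security-Enhanced Linux) is the U.S. National Security Agency's (NSA) implementation of mandatory access control, and the most outstanding new security subsystem in the history of Linux.
SELinux has three modes:
Enforcing (enforcing mode), Permissive (warning mode), Disabled (off)
Check the current SELinux mode: getenforce
# Turn off the SELinux firewall
vim /etc/selinux/config # edit the SELinux configuration file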
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing # change this to disabled (the default is enforcing)
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
After making the change, run this command to make it take effect: setenforce 0
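A check of whether the running SELinux mode already matches /etc/selinux/config, added here as an example and not part of the original page: setenforce only switches between Enforcing and Permissive for the current boot, while SELINUX=disabled is applied at the next boot. The function names, status strings and sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the SELinux mode configured for the next boot with the
# mode active now. Function names and status strings are constructed here.

# Print the SELINUX= value from a config file, lower-cased.
# Comment lines are skipped and a trailing "# note" after the value is dropped.
selinux_configured_mode() {
    sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*/\1/p' "$1" |
        tail -n 1 | tr '[:upper:]' '[:lower:]'
}

# Report how the running mode relates to the configured one.
# $1 = runtime mode as printed by getenforce, $2 = configured mode.
selinux_pending_change() {
    runtime=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    case "$2" in
        enforcing|permissive|disabled) ;;
        *) echo "invalid-config"; return 1 ;;
    esac
    if [ "$runtime" = "$2" ]; then
        echo "in-sync"
    elif [ "$runtime" = "disabled" ] || [ "$2" = "disabled" ]; then
        echo "reboot-required"   # setenforce cannot load or unload the policy
    else
        echo "runtime-differs"   # enforcing vs permissive; lasts until next boot
    fi
}

# Constructed sample: the config file after the edit described on this page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
SELINUX=disabled
SELINUXTYPE=targeted
EOF
configured=$(selinux_configured_mode "$sample")
# "Permissive" is what getenforce prints after `setenforce 0` (constructed here).
echo "configured=$configured status=$(selinux_pending_change Permissive "$configured")"
rm -f "$sample"
# On a real host:
#   selinux_pending_change "$(getenforce)" "$(selinux_configured_mode /etc/selinux/config)"
```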