Suse 防火墙

suse 11防火墙

环境

SUSE Linux Enterprise Server 11 SP3 (x86_64)

启动和关闭防火墙服务

#停止服务
node01:~ # rcSuSEfirewall2 stop
#或
node01:~ # service SuSEfirewall2_init stop   
node01:~ # service SuSEfirewall2_setup stop   
Shutting down the Firewall     

#查看服务状态
node01:~ # service SuSEfirewall2_init status 
Checking the status of SuSEfirewall2                                                                                                              running
node01:~ # service SuSEfirewall2_setup status 
Checking the status of SuSEfirewall2                                                                                                              running
#或
node01:~ # service SuSEfirewall2_setup status
Checking the status of SuSEfirewall2                                                                                                              running

#启动服务
node01:~ # rcSuSEfirewall2 start
Starting Firewall Initialization (phase 2 of 2)                                                                                                   done
#或
node01:~ # service SuSEfirewall2_init start 
Starting Firewall Initialization (phase 1 of 2)
node01:~ # service SuSEfirewall2_setup start 
Starting Firewall Initialization (phase 2 of 2) 

#设置开机自启动
node01:~ # chkconfig SuSEfirewall2_init on
insserv: Service network is missed in the runlevels 4 to use service nimbus
node01:~ # chkconfig SuSEfirewall2_setup on
insserv: Service network is missed in the runlevels 4 to use service nimbus

#关闭开机自启动
node01:~ # chkconfig SuSEfirewall2_setup off
node01:~ # chkconfig SuSEfirewall2_init off

#查看开机启动情况
node01:~ # chkconfig SuSEfirewall2_init --list 
SuSEfirewall2_init        0:off  1:off  2:off  3:off  4:off  5:off  6:off
node01:~ # chkconfig SuSEfirewall2_setup --list  
SuSEfirewall2_setup       0:off  1:off  2:off  3:off  4:off  5:off  6:off

suse 12防火墙

环境

SUSE Linux Enterprise Server 12 SP3 (x86_64)

启动和关闭防火墙服务

#关闭防火墙
systemctl stop SuSEfirewall2.service
#取消开机启动防火墙
systemctl disable SuSEfirewall2.service

#开启防火墙
systemctl enable SuSEfirewall2.service
#开机启动防火墙
systemctl start SuSEfirewall2.service

#查看状态
systemctl status SuSEfirewall2.service

问题： suse11 防火墙关不掉

环境

SUSE Linux Enterprise Server 11 SP3 (x86_64)

现象

#执行防火墙服务关闭命令后，服务状态仍为running
node01:~ # service SuSEfirewall2_init status 
Checking the status of SuSEfirewall2                                                                                                              running
node01:~ # service SuSEfirewall2_init stop   
node01:~ # service SuSEfirewall2_setup stop   
Shutting down the Firewall                                                                                                                        done
node01:~ # service SuSEfirewall2_setup status
Checking the status of SuSEfirewall2                                                                                                              running

分析

可能原因为防火墙服务卡死，解决访问为找到防火墙服务对应的进程，kill掉对应的进程

#根据服务名关键词查找进程不存在
node01:~ # ps -ef |grep -i wall
root     11053  8735  0 11:22 pts/1    00:00:00 grep -i wall
node01:~ # ps -ef |grep -i fire
root     11063  8735  0 11:22 pts/1    00:00:00 grep -i fire
node01:~ # 

查看日志
/var/log/message

#执行关闭服务时，message中报错如下
node01:~ # tailf /var/log/message
Jan 18 12:15:16 node01 SuSEfirewall2: /var/lock/SuSEfirewall2.booting exists which means system boot in progress, exit.

#/var/lock/SuSEfirewall2.booting 文件存在导致服务停止失败
#查看文件对应的进程
node01:~ # fuser /var/lock/SuSEfirewall2.booting 
node01:~ # 
#没有进程，说明该文件无关联进程，删除文件
node01:~ # rm -f /var/lock/SuSEfirewall2.booting 
#再次关闭服务即可
node01:~ # rcSuSEfirewall2 stop
node01:~ # rcSuSEfirewall2 status               
Checking the status of SuSEfirewall2                                                                                                              unused

反思

解决问题思路

问问题

1. 该问题什么时候出现的？
2. 问题出现之前正常吗？
3. 问题出现之前有做变更吗？出现后有做变更吗？如有，具体什么变更？

分析问题

先看对应的日志，根据日志分析可能的原因

解决问题