CentOS 6/7敞开防火墙和SELinux
[TOC]
CentOS 7之后默认应用的是firewall作为防火墙,如果切换到iptables首先应该关掉默认的firewalld,而后装置iptables服务。
一、CentOS7中敞开防火墙firewalld
1、长期敞开(下次开机启动,主动启动防火墙)
[root@localhost ~]# systemctl stop firewalld
2、查看防火墙状态
#查看默认防火墙状态(敞开后显示notrunning,开启后显示running)
[root@localhost ~ ]# firewall-cmd --state
running
绿的Active: active (running)
示意防火墙开启
[root@localhost test]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since 三 2020-09-23 17:36:45 CST; 5h 36min ago
Docs: man:firewalld(1)
Main PID: 875 (firewalld)
Tasks: 2
CGroup: /system.slice/firewalld.service
└─875 /usr/bin/python2 -Es /usr/sbin/firewalld --nofork --nopid
9月 23 17:36:43 localhost.localdomain systemd[1]: Starting firewalld - dynami...
9月 23 17:36:45 localhost.localdomain systemd[1]: Started firewalld - dynamic...
Hint: Some lines were ellipsized, use -l to show in full.
3、永恒敞开防火墙(开机启动时不在启动)
[root@localhost ~]# systemctl disable firewalld
4、永恒开启防火墙
[root@localhost ~]# systemctl enable firewalld.service
二、CentOS6中敞开防火墙Iptables
1、永久性失效,重启后不会还原
开启:
chkconfig iptables on
敞开:
chkconfig iptables off
2、长期敞开
service iptables stop #进行iptables
3、长期开启
service iptables start
三、敞开SElinux
1、查看selinux状态
#permissive模式是长期敞开,enforcing模式是长期关上,disabled模式是永恒敞开
[root@localhost ~]# getenforce
Enforcing 示意启动
#如果SELinux status参数为enabled即为开启状态
[root@localhost test]# /usr/sbin/sestatus -v
SELinux status: enabled
2、长期敞开
长期关上SELinux setenforce 1
[root@localhost ~]# setenforce
usage: setenforce [ Enforcing | Permissive | 1 | 0 ] 1示意启动,0示意敞开
[root@localhost ~]# setenforce 0 长期敞开
[root@localhost ~]# getenforce 查看状态
Permissive 敞开状态
3、永恒敞开(批改配置文件,即可永恒敞开)
永恒敞开SELinux:设置为disabled
永恒关上SELinux:设置为enabled
[root@localhost ~]# vi /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing 批改为"SELINUX=disabled"
# SELINUXTYPE= can take one of three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
四、查看防火墙状态及开启敞开命令 存在以下两种形式
一、service形式
查看防火墙状态:service iptables status
iptables:未运行防火墙。
开启防火墙: service iptables start
敞开防火墙: service iptables stop
二、iptables形式
先进入init.d目录,命令如下:
[root@centos6 ~]# cd /etc/init.d/
[root@centos6 init.d]#
而后
查看防火墙状态:
[root@centos6 init.d]# /etc/init.d/iptables status
临时敞开防火墙:
[root@centos6 init.d]# /etc/init.d/iptables stop
重启iptables:
[root@centos6 init.d]# /etc/init.d/iptables restart