linux fire防火墙关闭,CentOS 7.5关闭FireWall 和SELinux图文详解

1. 环境

CentOS 7.5 ，本人选择最完整版安装(workstation选项)

2. 关闭FireWall和SELinux

2.1 FireWall

使用systemctl status firewalld查看防火墙的状态，如下(默认开启)

[linuxidc@localhost ~]$ systemctl status firewalld

// 防火墙状态

● firewalld.service - firewalld - dynamic firewall daemon

Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)

Active: active (running) since 二 2018-11-13 14:40:53 CST; 11min ago

Docs: man:firewalld(1)

Main PID: 821 (firewalld)

Tasks: 2

CGroup: /system.slice/firewalld.service

└─821 /usr/bin/Python -Es /usr/sbin/firewalld --nofork --nopid

11月 13 14:40:51 localhost.localdomain systemd[1]: Starting firewalld - dyna...

11月 13 14:40:53 localhost.localdomain systemd[1]: Started firewalld - dynam...

Hint: Some lines were ellipsized, use -l to show in full.

如果你需要使用FireWall服务(正式环境下)，则需要修改它的配置，因为在默认情况下，它会拦截大多数服务请求。具体可以参考配置firewalld服务的基本操作和设置。

如果由于某些原因(比如本文只是需要Linux服务器来搭建某些服务，不想控制防火墙只开放某些端口)等而不需要FireWall服务，则可以像下面那样停止并禁用它。

// 关闭服务

[linuxidc@localhost ~]$ systemctl stop firewalld

// 关闭开机自动开启FireWall服务

[linuxidc@localhost ~]$ systemctl disable firewalld

Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.

Removed symlink /etc/systemd/system/dbus-org.Fedoraproject.FirewallD1.service.

2.2 关闭SELinux

可以用getenforce 查看SELinux的状态，如下(默认开启)

[linuxidc@localhost ~]$ getenforce

//开启状态

Enforcing

同上，如果你想使用SELinux也可以。但是本人不想那么麻烦，所以把SELinux也关闭了。

[linuxidc@localhost ~]$ sudo nano /etc/selinux/config

# This file controls the state of SELinux on the system.

# SELINUX= can take one of these three values:

#    enforcing - SELinux security policy is enforced.

#    permissive - SELinux prints warnings instead of enforcing.

#    disabled - No SELinux policy is loaded.

// 这里改变为disabled

SELINUX=disabled

# SELINUXTYPE= can take one of three two values:

#    targeted - Targeted processes are protected,

#    minimum - Modification of targeted policy. Only selected processes are protected.

#    mls - Multi Level Security protection.

SELINUXTYPE=targeted

// 重启使配置生效

[linuxidc@localhost ~]# reboot

3. 一点错误

使用root权限用户操作