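Problem description
When installing Oracle RAC, SELinux must be disabled and the firewall turned off on the Linux system of every node.
Environment
Linux linux1 2.6.18-308.el5 #1 SMP Fri Jan 27 17:17:51 EST 2012 x86_64 x86_64 x86_64 GNU/Linux
Solution
Check the current SELinux status
# getenforce
Enforcing #SELinux is currently enabled
Check the current firewall status
# /etc/rc.d/init.d/iptables status #the output below shows that the firewall is running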
表格:filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
2 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 255
3 ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0
4 ACCEPT ah -- 0.0.0.0/0 0.0.0.0/0
5 ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353
6 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:631
7 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:631
8 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
9 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
10 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Disable SELinux
# vi /etc/sysconfig/selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
SELINUX=enforcing #change this line to SELINUX=disabled
# SELINUXTYPE= type of policy in use. Possible values are:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted
Turn off the firewall
# /etc/rc.d/init.d/iptables stop
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Unloading iptables modules: [ OK ]
Then, turn off UDP ICMP rejections for the next server reboot (this should always be turned off):
# chkconfig iptables off
Reboot the operating system
# init 6
Verify the result
# /etc/rc.d/init.d/iptables status
Firewall is stopped.
# getenforce
Disabled
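Added example, not part of the original post: a scripted version of the verification step that can be run on each node. It checks that the SELINUX= line edited above agrees with what getenforce reports, and that chkconfig left iptables off at every runlevel. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: post-reboot consistency checks for the steps above.

# Print the single SELINUX= value in config file $1, lower-cased.
# Comment lines and SELINUXTYPE= are skipped; a trailing "# note" is dropped.
# Fails when there is no SELINUX= line or more than one (ambiguous).
selinux_configured_mode() {
    modes=$(sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*/\1/p' "$1" |
        tr 'A-Z' 'a-z')
    [ "$(printf '%s\n' "$modes" | grep -c .)" -eq 1 ] || return 1
    printf '%s\n' "$modes"
}

# Succeed when the configured mode in $1 equals the runtime mode in $2
# (the text printed by getenforce). Returns 2 if the file cannot be parsed.
selinux_state_consistent() {
    cfg=$(selinux_configured_mode "$1") || return 2
    run=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    [ "$cfg" = "$run" ]
}

# Succeed when a `chkconfig --list iptables` line ($1) has no runlevel "on".
iptables_off_all_runlevels() {
    case "$1" in iptables*) ;; *) return 2 ;; esac
    ! printf '%s\n' "$1" | grep -q '[0-6]:on'
}

# Constructed sample input (not taken from a real host).
sample_cfg=$(mktemp)
trap 'rm -f "$sample_cfg"' EXIT
cat > "$sample_cfg" <<'EOF'
# SELINUX= can take one of these three values:
SELINUX=disabled   # changed from enforcing
SELINUXTYPE=targeted
EOF
sample_chk='iptables        0:off 1:off 2:off 3:off 4:off 5:off 6:off'

selinux_state_consistent "$sample_cfg" "Disabled" && echo "selinux: consistent"
iptables_off_all_runlevels "$sample_chk" && echo "iptables: off at boot"

# On a real node (assumed usage):
#   selinux_state_consistent /etc/sysconfig/selinux "$(getenforce)"
#   iptables_off_all_runlevels "$(chkconfig --list iptables)"
```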