
iptables (firewall) and SELinux in detail

December 18, 2017 | 移动技术网 IT编程

I. iptables

1) Check the firewall status

In CentOS 7 the firewall service is named firewalld, no longer iptables.

[root@localhost ~]# systemctl status firewalld 
firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
   Active: active (running) since 一 2017-12-11 13:48:25 CST; 3 days ago         //"running" means the firewall is currently running
 Main PID: 721 (firewalld)
   CGroup: /system.slice/firewalld.service
           └─721 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

12月 11 13:48:25 localhost.localdomain systemd[1]: Starting firewalld - dynamic firewall daemon...
12月 11 13:48:25 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.
Hint: Some lines were ellipsized, use -l to show in full.

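2) To run certain services you need to configure the firewall; by default, most incoming service requests are not allowed through it.
3) If configuring the firewall for some services is too cumbersome, we can disable it.

[root@localhost ~]# systemctl stop firewalld                   //stop the running service
[root@localhost ~]# systemctl disable firewalld                //stop the firewall service from starting at boot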
rm '/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service'              
rm '/etc/systemd/system/basic.target.wants/firewalld.service'
[root@localhost ~]# systemctl status firewalld                 
firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled)
   Active: inactive (dead)                                      //already stopped (inactive)

12月 11 13:48:25 localhost.localdomain systemd[1]: Starting firewalld - dynamic firewall daemon...
12月 11 13:48:25 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.
12月 14 23:10:14 localhost.localdomain systemd[1]: Stopping firewalld - dynamic firewall daemon...
12月 14 23:10:15 localhost.localdomain systemd[1]: Stopped firewalld - dynamic firewall daemon.
Hint: Some lines were ellipsized, use -l to show in full.

II. SELinux

1) Show the SELinux security type
There are three in total:

1.enforcing                         //enforced (on)
2.disabled                          //turned off
3.permissive                        //logs warning messages, does not block

[root@localhost ~]# getenforce             //show the current security type
Disabled

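2) If for some reason (for example, the server runs only on a secure local network) SELinux does not need to be enabled, it can be disabled as follows:

[root@localhost ~]# vim /etc/selinux/config                        //the config file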
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled                                                    //turned off
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted
[root@localhost ~]# reboot
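
The same edit can be made without opening an editor. The following is an added example, not part of the original article: POSIX shell functions that read and rewrite the SELINUX= line, going slightly beyond the text by accepting any of the three modes and rejecting misspelled values. The function names and the sample file are constructed; on a real host the path would be /etc/selinux/config.

```shell
#!/bin/sh
# Added example (not from the original article). Function names and the
# sample file are constructed; point the functions at /etc/selinux/config
# only on a real host, as root.

# Print the mode set by the SELINUX= line of file $1; fail if missing or invalid.
selinux_configured_mode() {
    mode=$(sed -n 's/^SELINUX=\([A-Za-z]*\)[[:space:]]*$/\1/p' "$1" | tail -n 1)
    case $mode in
        enforcing|permissive|disabled) printf '%s\n' "$mode" ;;
        *) return 1 ;;   # e.g. the misspelling "enforceing"
    esac
}

# Rewrite the SELINUX= line of file $1 to mode $2, leaving SELINUXTYPE= alone.
set_selinux_mode() {
    case $2 in
        enforcing|permissive|disabled) ;;
        *) echo "invalid SELinux mode: $2" >&2; return 2 ;;
    esac
    tmp=$(mktemp) || return 1
    # Write back with cat so the file keeps its owner, permissions and label.
    sed "s/^SELINUX=.*/SELINUX=$2/" "$1" > "$tmp" && cat "$tmp" > "$1"
    rc=$?
    rm -f "$tmp"
    [ "$rc" -eq 0 ] || return "$rc"
    # Confirm the edit took effect (fails if the file had no SELINUX= line).
    [ "$(selinux_configured_mode "$1")" = "$2" ]
}

# Constructed sample modelled on the file shown above.
write_sample_config() {
    printf '%s\n' \
        '# This file controls the state of SELinux on the system.' \
        'SELINUX=enforcing' \
        'SELINUXTYPE=targeted' > "$1"
}

# Demo on a temporary copy, never on the live file.
sample=$(mktemp)
write_sample_config "$sample"
set_selinux_mode "$sample" disabled
echo "configured mode: $(selinux_configured_mode "$sample")"
rm -f "$sample"
```

As with the manual edit, the new value in the file applies from the next boot.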
