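Linux Firewall Configuration 001
Linux firewalls are mainly used to control network traffic and protect system security. Linux has several different firewall management tools, the most common being iptables and firewalld. This chapter covers how to turn the firewall off.
Operating system:
CentOS Stream 9
Steps:
Disable the firewall and SELinux: set SELINUX=disabled on line 22.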
[root@localhost ~]# cat -n /etc/sysconfig/selinux
1
2 # This file controls the state of SELinux on the system.
3 # SELINUX= can take one of these three values:
4 # enforcing - SELinux security policy is enforced.
5 # permissive - SELinux prints warnings instead of enforcing.
6 # disabled - No SELinux policy is loaded.
7 # See also:
8 # http://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/using_selinux/changing-selinux-states-and-modes_using-selinux#changing-selinux-modes-at-boot-time_changing-selinux-states-and-modes
9 #
10 # NOTE: Up to RHEL 8 release included, SELINUX=disabled would also
11 # fully disable SELinux during boot. If you need a system with SELinux
12 # fully disabled instead of SELinux running with no policy loaded, you
13 # need to pass selinux=0 to the kernel command line. You can use grubby
14 # to persistently set the bootloader to boot with selinux=0:
15 #
16 # grubby --update-kernel ALL --args selinux=0
17 #
18 # To revert back to SELinux enabled:
19 #
20 # grubby --update-kernel ALL --remove-args selinux
21 #
22 SELINUX=disabled    <-- note this line
23 # SELINUXTYPE= can take one of these three values:
24 # targeted - Targeted processes are protected,
25 # minimum - Modification of targeted policy. Only selected processes are protected.
26 # mls - Multi Level Security protection.
27 SELINUXTYPE=targeted
28
29
[root@localhost ~]# cat -n /etc/selinux/config
1
2 # This file controls the state of SELinux on the system.
3 # SELINUX= can take one of these three values:
4 # enforcing - SELinux security policy is enforced.
5 # permissive - SELinux prints warnings instead of enforcing.
6 # disabled - No SELinux policy is loaded.
7 # See also:
8 # http://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/using_selinux/changing-selinux-states-and-modes_using-selinux#changing-selinux-modes-at-boot-time_changing-selinux-states-and-modes
9 #
10 # NOTE: Up to RHEL 8 release included, SELINUX=disabled would also
11 # fully disable SELinux during boot. If you need a system with SELinux
12 # fully disabled instead of SELinux running with no policy loaded, you
13 # need to pass selinux=0 to the kernel command line. You can use grubby
14 # to persistently set the bootloader to boot with selinux=0:
15 #
16 # grubby --update-kernel ALL --args selinux=0
17 #
18 # To revert back to SELinux enabled:
19 #
20 # grubby --update-kernel ALL --remove-args selinux
21 #
22 SELINUX=disabled #note
23 # SELINUXTYPE= can take one of these three values:
24 # targeted - Targeted processes are protected,
25 # minimum - Modification of targeted policy. Only selected processes are protected.
26 # mls - Multi Level Security protection.
27 SELINUXTYPE=targeted
28
29
firewalld
[root@localhost ~]# systemctl disable firewalld
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]#
Reboot the server
[root@localhost ~]# reboot
Check whether the firewall is off
[root@localhost ~]# sestatus
SELinux status: disabled
[root@localhost ~]# systemctl status firewalld
○ firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; preset: >
Active: inactive (dead)
Docs: man:firewalld(1)
[root@localhost ~]# iptables -vnL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
[root@localhost ~]#
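
The checks in the last step, as an added example that is not part of the original page: a bash script that reads the SELinux config text and `iptables -vnL` output and reports the configured mode plus each chain's policy and rule count. The function names and sample inputs are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original page); sample inputs are constructed
# from the output shown above. On a live host, feed the real data instead:
#   selinux_configured_mode < /etc/selinux/config
#   iptables -vnL | iptables_chain_summary

# stdin: SELinux config text. Prints the last uncommented SELINUX= value;
# anything after the value (such as "#note") is ignored by this parser.
selinux_configured_mode() {
    awk -F= '/^[ \t]*SELINUX=/ { v = $2; sub(/[ \t#].*/, "", v); mode = v }
             END { print (mode == "" ? "unset" : mode) }'
}

# stdin: `iptables -vnL` output. Prints "CHAIN POLICY RULECOUNT" per chain;
# user-defined chains have no policy and are printed with "-".
iptables_chain_summary() {
    awk '/^Chain / { if (c != "") print c, p, n
                     c = $2; p = ($3 == "(policy") ? $4 : "-"; n = 0; next }
         /^[ \t]*pkts[ \t]/ || /^[ \t]*$/ { next }   # column header, blank line
         c != "" { n++ }
         END { if (c != "") print c, p, n }'
}

# Exit 0 only if every chain is policy ACCEPT with zero rules. Empty input
# (for example, iptables could not be run) is treated as "not confirmed".
iptables_shows_no_filtering() {
    iptables_chain_summary |
        awk '$2 != "ACCEPT" || $3 > 0 { bad = 1 } END { exit (bad || NR == 0) }'
}

SAMPLE_SELINUX='# SELINUX= can take one of these three values:
SELINUX=disabled #note
SELINUXTYPE=targeted'

SAMPLE_IPTABLES='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination'

SAMPLE_FILTERED='Chain INPUT (policy DROP 12 packets, 720 bytes)
 pkts bytes target prot opt in out source destination
   40  2400 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22'

echo "SELinux config: $(printf '%s\n' "$SAMPLE_SELINUX" | selinux_configured_mode)"
printf '%s\n' "$SAMPLE_IPTABLES" | iptables_chain_summary
```

On CentOS Stream 9 firewalld programs nftables directly, so `nft list ruleset` gives the more complete view of what the kernel is filtering.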