Linux网络基础设定selinux/iptable/firewall

Linux下安全相关的设定，CentOS7下，缺省的情况下，selinux/iptable/firewall都是打开的。虽然安全生产重于泰山，但是由于规则设定较为繁琐，在学习的时候造成麻烦，尤其是学习新的工具或者练习网络编程的时候，消耗很多时间资源最终发现跟系统网络防火墙或者iptable规则相关的时候，这种经验真的是生命的浪费。所以建议网络不太熟悉的上来就把这老三件关了吧，一了百了。

firewall

确认状态

[root@host32 ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Sun 2016-08-07 11:10:44 EDT; 6min ago
 Main PID: 9767 (firewalld)
   Memory: 21.7M
   CGroup: /system.slice/firewalld.service
           mq9767 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

Aug 07 11:10:33 host32 systemd[1]: Starting firewalld - dynamic firewall daemon...
Aug 07 11:10:44 host32 systemd[1]: Started firewalld - dynamic firewall daemon.
[root@host32 ~]#

• 1
• 2
• 3
• 4
• 5
• 6
• 7
• 8
• 9
• 10
• 11
• 12

停止防火墙

[root@host32 ~]# systemctl stop firewalld
[root@host32 ~]#

• 1
• 2

停止开机自启

[root@host32 ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.
[root@host32 ~]#

• 1
• 2
• 3
• 4

iptables

确认状态

[root@host32 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[root@host32 ~]#

• 1
• 2
• 3
• 4
• 5
• 6
• 7
• 8
• 9
• 10

清除所有规则

[root@host32 ~]# iptables -F
[root@host32 ~]#

• 1
• 2

Selinux

确认状态

[root@host32 ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28
[root@host32 ~]#

• 1
• 2
• 3
• 4
• 5
• 6
• 7
• 8
• 9
• 10
• 11

关闭selinux

设定文件名	/etc/selinux/config

设定内容
将config中SELINUX=enforcing改为SELINUX=disabled即可

[root@host32 selinux]# cat /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted


[root@host32 selinux]#

• 1
• 2
• 3
• 4
• 5
• 6
• 7
• 8
• 9
• 10
• 11
• 12
• 13
• 14
• 15
• 16

重新启动机器

再分享一下我老师大神的人工智能教程吧。零基础！通俗易懂！风趣幽默！还带黄段子！希望你也加入到我们人工智能的队伍中来！https://blog.csdn.net/jiangjunshow