CentOS 6/7: Disabling the Firewall and SELinux
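CentOS 7 and later use firewalld as the default firewall. To switch to iptables, first turn off the default firewalld, then install the iptables service.
I. Disabling the firewalld firewall on CentOS 7
1. Stop it temporarily (the firewall starts again automatically at the next boot)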
[root@localhost ~]# systemctl stop firewalld
2. Check the firewall status
# Check the default firewall state (prints "not running" when stopped, "running" when started)
[root@localhost ~ ]# firewall-cmd --state
running
A green "Active: active (running)" means the firewall is on:
[root@localhost test]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since 三 2020-09-23 17:36:45 CST; 5h 36min ago
Docs: man:firewalld(1)
Main PID: 875 (firewalld)
Tasks: 2
CGroup: /system.slice/firewalld.service
└─875 /usr/bin/python2 -Es /usr/sbin/firewalld --nofork --nopid
9月 23 17:36:43 localhost.localdomain systemd[1]: Starting firewalld - dynami...
9月 23 17:36:45 localhost.localdomain systemd[1]: Started firewalld - dynamic...
Hint: Some lines were ellipsized, use -l to show in full.
3. Disable the firewall permanently (it no longer starts at boot)
[root@localhost ~]# systemctl disable firewalld
4. Enable the firewall permanently
[root@localhost ~]# systemctl enable firewalld.service
II. Disabling the iptables firewall on CentOS 6
1. Persistent setting (survives a reboot)
Enable:
chkconfig iptables on
Disable:
chkconfig iptables off
2. Stop it temporarily
service iptables stop    # stop iptables
3. Start it temporarily
service iptables start
III. Disabling SELinux
1. Check the SELinux status
# permissive mode means temporarily off, enforcing mode means temporarily on, disabled mode means permanently off
[root@localhost ~]# getenforce
Enforcing        # means SELinux is on
# If the "SELinux status" field is "enabled", SELinux is on
[root@localhost test]# /usr/sbin/sestatus -v
SELinux status: enabled
2. Turn it off temporarily
To turn SELinux back on temporarily: setenforce 1
[root@localhost ~]# setenforce
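usage: setenforce [ Enforcing | Permissive | 1 | 0 ]
(1 turns SELinux on, 0 turns it off)
[root@localhost ~]# setenforce 0    # turn it off temporarily
[root@localhost ~]# getenforce      # check the status
Permissive        # the "off" state
3. Disable it permanently (edit the config file; the change applies from the next boot)
To disable SELinux permanently: set SELINUX=disabled
To turn SELinux on permanently: set SELINUX=enforcing (the file accepts only enforcing, permissive or disabled)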
[root@localhost ~]# vi /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing        (change this line to "SELINUX=disabled")
# SELINUXTYPE= can take one of three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
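
The sections above separate a temporary change (systemctl stop firewalld, setenforce 0) from a permanent one (systemctl disable firewalld, SELINUX=disabled in /etc/selinux/config). The script below is an added example, not part of the original page: it compares the running state with the boot-time setting, so a host left in either state is easy to spot. The function names, the --audit flag and the result labels are this example's own; treating only enforcing as "on" and reading the first SELINUX= line are its assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. Compares the running state with
# the boot-time setting to tell a temporary change (systemctl stop,
# setenforce 0) from a permanent one (systemctl disable, SELINUX=disabled).

# Print the value of the first uncommented SELINUX= line (SELINUXTYPE= does
# not match). Using the first match is an assumption of this example.
selinux_boot_mode() {
    sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*/\1/p' \
        "${1:-/etc/selinux/config}" 2>/dev/null | head -n 1 | tr 'A-Z' 'a-z'
}

# Map an SELinux mode to on/off. Assumption: only enforcing counts as "on".
selinux_on() {
    case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
        enforcing) echo on ;;
        permissive|disabled) echo off ;;
        *) echo invalid ;;   # e.g. a typo in the config, or tools missing
    esac
}

# drift RUNNING BOOT, each "on" or "off"; the labels are this example's own.
drift() {
    case "$1/$2" in
        on/on)   echo ok ;;
        off/on)  echo off-until-reboot ;;   # stopped now, returns at boot
        on/off)  echo off-after-reboot ;;   # still running, gone after boot
        off/off) echo off-persistent ;;
        *)       echo unknown ;;
    esac
}

# Audit the local host with the CentOS 7 commands used on this page.
audit_host() {
    fw_run=off; fw_boot=off
    systemctl is-active firewalld >/dev/null 2>&1 && fw_run=on
    systemctl is-enabled firewalld >/dev/null 2>&1 && fw_boot=on
    se_run=$(selinux_on "$(getenforce 2>/dev/null)")
    se_boot=$(selinux_on "$(selinux_boot_mode)")
    echo "firewalld: $(drift "$fw_run" "$fw_boot")"
    echo "selinux:   $(drift "$se_run" "$se_boot")"
}

# Run the audit only when asked, so the file can also be sourced.
if [ "${1:-}" = "--audit" ]; then audit_host; fi
```

Run with --audit, the script prints one line per control; any result other than "ok" means the control is off now, will be off after the next boot, or could not be read.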
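IV. Checking the firewall status and starting/stopping it: two methods
1. Using service
Check the firewall status: service iptables status
iptables:未運行防火墻。 (i.e. "iptables: Firewall is not running.")
Start the firewall: service iptables start
Stop the firewall: service iptables stop
2. Using the iptables init script
First change into the init.d directory: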
[root@centos6 ~]# cd /etc/init.d/
[root@centos6 init.d]#
Then check the firewall status:
[root@centos6 init.d]# /etc/init.d/iptables status
Stop the firewall temporarily:
[root@centos6 init.d]# /etc/init.d/iptables stop
Restart iptables:
[root@centos6 init.d]# /etc/init.d/iptables restart