Linux Firewall
linux6.x
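The firewall affects network communication; by default it rejects everything, that is, traffic not matched by an ACCEPT rule falls through to the final REJECT rule of the INPUT chain shown below.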
[root@redhat6 sysconfig]# chkconfig iptables --list
iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
[root@redhat6 sysconfig]# service iptables status // check the firewall status
iptables: Firewall is not running.
[root@redhat6 sysconfig]# service iptables start // start the firewall
iptables: Applying firewall rules: [ OK ]
[root@redhat6 sysconfig]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
2 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
5 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
[root@redhat6 sysconfig]# service iptables stop // stop the firewall
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
[root@redhat6 sysconfig]# service iptables status
iptables: Firewall is not running.
[root@redhat6 sysconfig]# chkconfig iptables off // disable firewall autostart at boot
[root@redhat6 sysconfig]# chkconfig iptables --list
iptables 0:off 1:off 2:off 3:off 4:off 5:off 6:off
[root@redhat6 sysconfig]#
selinux
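SELinux is a policy mechanism designed by the US National Security Agency (NSA). Its purpose is to classify and label the files on a Linux system so that each network service can access only its own files and nothing else. That way, even if one service is compromised, not all of the data is leaked.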
-----------------------------
Permanently disable SELinux
vi /etc/selinux/config
SELINUX=enforcing
change to
SELINUX=disabled
Reboot
[root@redhat6 ~]# getenforce
Disabled
-----------------------------
[root@redhat6 ~]# setenforce 0 // temporarily turn off SELinux enforcement (permissive mode, until reboot)
[root@redhat6 ~]# getenforce
Permissive
[root@redhat6 ~]# chkconfig iptables off // disables iptables at boot; this does not affect SELinux, whose boot-time mode is set in /etc/selinux/config
[root@redhat6 ~]# chkconfig iptables --list
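
To check afterwards whether a host has been left with both controls off, the following added example (not part of the original notes) parses the `chkconfig iptables --list` line and the contents of /etc/selinux/config and reports each weakened setting. The function names and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the boot-time settings these notes change.
# Function names and sample inputs are constructed for illustration.

# Print "on" if iptables starts in any of runlevels 2-5, else "off".
# $1: one line of `chkconfig iptables --list` output.
iptables_boot_state() {
    printf '%s\n' "$1" | awk '
        $1 == "iptables" {
            for (i = 2; i <= NF; i++)
                if ($i ~ /^[2-5]:on$/) { found = 1 }
        }
        END { if (found) print "on"; else print "off" }'
}

# Print the active SELINUX= value; comments and SELINUXTYPE= are ignored.
# $1: contents of /etc/selinux/config.
selinux_config_mode() {
    printf '%s\n' "$1" |
        sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([a-z]*\).*/\1/p' |
        tail -n 1
}

# Print one FINDING line per weakened control; print nothing if both are on.
audit_host() {
    if [ "$(iptables_boot_state "$1")" = "off" ]; then
        echo "FINDING: iptables does not start at boot"
    fi
    case "$(selinux_config_mode "$2")" in
        enforcing)  ;;
        permissive) echo "FINDING: SELinux only logs denials (permissive)" ;;
        *)          echo "FINDING: SELinux is disabled or not configured" ;;
    esac
}

# Constructed inputs mirroring the end state of the notes above.
SAMPLE_CHKCONFIG='iptables 0:off 1:off 2:off 3:off 4:off 5:off 6:off'
SAMPLE_SELINUX_CONFIG='# constructed sample of /etc/selinux/config
SELINUX=disabled
SELINUXTYPE=targeted'

audit_host "$SAMPLE_CHKCONFIG" "$SAMPLE_SELINUX_CONFIG"
# On a real host:
# audit_host "$(chkconfig iptables --list)" "$(cat /etc/selinux/config)"
```

`getenforce` reports the running mode, so a host can show Permissive after `setenforce 0` while the config file still says enforcing; the script checks only the boot-time settings.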