Linux 8.3 Firewall
阿新 • Published: 2017-11-29
The firewalld firewall
Disabling SELinux
    [root@chyuanliuNJ ~]# setenforce 0
    setenforce: SELinux is disabled
    [root@chyuanliuNJ ~]# vi /etc/selinux/config

    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    #     enforcing - SELinux security policy is enforced.
    #     permissive - SELinux prints warnings instead of enforcing.
    #     disabled - No SELinux policy is loaded.
    SELINUX=disabled
    # SELINUXTYPE= can take one of three two values:
    #     targeted - Targeted processes are protected,
    #     minimum - Modification of targeted policy. Only selected processes are protected.
    #     mls - Multi Level Security protection.
    SELINUXTYPE=targeted

    [root@chyuanliuNJ ~]# getenforce
    Disabled
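Before CentOS 7, the netfilter firewall was used; from CentOS 7 onward, the firewalld firewall is used. The two firewall mechanisms differ somewhat, but the iptables tool is used the same way. You need to understand both firewalls.
Using netfilter: on CentOS 7 you can turn off firewalld and enable netfilter.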
    [root@chyuanliuNJ ~]# systemctl disable firewalld
    [root@chyuanliuNJ ~]# systemctl stop firewalld
    [root@chyuanliuNJ ~]# yum install -y iptables-services
    ... ...
    [root@chyuanliuNJ ~]# systemctl enable iptables
    Created symlink from /etc/systemd/system/basic.target.wants/iptables.service to /usr/lib/systemd/system/iptables.service.
    [root@chyuanliuNJ ~]# systemctl start iptables
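Introduction to netfilter's 5 tables and 5 chains
The 5 netfilter tables
The filter table is used to filter packets. It is the most commonly used table and has three chains: INPUT, FORWARD, and OUTPUT.
The nat table is used for network address translation and has three chains: PREROUTING, OUTPUT, and POSTROUTING.
The mangle table is used to mark packets and is almost never needed.
The raw table can exempt certain packets from tracking; it is not commonly used.
The security table does not exist in CentOS 6. It holds network rules for mandatory access control (MAC) and is not commonly used.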
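Added example (not from the original post): the table and chain layout described above can be read directly from `iptables-save` output, where `*name` opens a table, `:CHAIN POLICY [packets:bytes]` declares a chain, and `COMMIT` closes the table. The function names `summarize_tables` and `sample_ruleset` and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads iptables-save text on stdin and prints one line per
# table: each chain with its default policy and its number of appended rules.
summarize_tables() {
    awk '
        /^\*/ { table = substr($0, 2); order = ""; next }  # "*filter" opens a table
        /^:/ {                                             # ":INPUT ACCEPT [0:0]"
            chain = substr($1, 2)
            policy[chain] = $2      # user-defined chains show "-" here
            rules[chain] = 0
            order = order " " chain
            next
        }
        $1 == "-A" { rules[$2]++; next }                   # "-A INPUT ..." is one rule
        $1 == "COMMIT" {                                   # end of the current table
            line = table ":"
            n = split(order, names, " ")
            for (i = 1; i <= n; i++)
                line = line " " names[i] "(" policy[names[i]] "," rules[names[i]] ")"
            print line
            split("", policy); split("", rules)            # reset for the next table
        }
    '
}

# Constructed sample in iptables-save format (not taken from the original post).
sample_ruleset() {
    cat <<'EOF'
# constructed sample
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

sample_ruleset | summarize_tables
```

On a live host, run `iptables-save | summarize_tables` as root; only tables whose kernel modules are loaded appear in the output.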
Reference: http://www.cnblogs.com/metoy/p/4320813.html