Linux防火墙配置001

        Linux防火墙主要用于控制网络流量，保护系统安全。在Linux中，有几种不同的防火墙管理工具，其中最常见的是iptables和firewalld。本章主要讲述如何关闭防火墙。

操作系统：

CentOS Stream 9

操作步骤：

关闭防火墙，selinux  ,22行    SELINUX=disabled   

​
[root@localhost ~]# cat -n /etc/sysconfig/selinux1	2	# This file controls the state of SELinux on the system.3	# SELINUX= can take one of these three values:4	#     enforcing - SELinux security policy is enforced.5	#     permissive - SELinux prints warnings instead of enforcing.6	#     disabled - No SELinux policy is loaded.7	# See also:8	# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/using_selinux/changing-selinux-states-and-modes_using-selinux#changing-selinux-modes-at-boot-time_changing-selinux-states-and-modes9	#10	# NOTE: Up to RHEL 8 release included, SELINUX=disabled would also11	# fully disable SELinux during boot. If you need a system with SELinux12	# fully disabled instead of SELinux running with no policy loaded, you13	# need to pass selinux=0 to the kernel command line. You can use grubby14	# to persistently set the bootloader to boot with selinux=0:15	#16	#    grubby --update-kernel ALL --args selinux=017	#18	# To revert back to SELinux enabled:19	#20	#    grubby --update-kernel ALL --remove-args selinux21	#22	SELINUX=disabled    此处注意23	# SELINUXTYPE= can take one of these three values:24	#     targeted - Targeted processes are protected,25	#     minimum - Modification of targeted policy. Only selected processes are protected.26	#     mls - Multi Level Security protection.27	SELINUXTYPE=targeted28	
29	
​
[root@localhost ~]# cat -n /etc/selinux/config1	2	# This file controls the state of SELinux on the system.3	# SELINUX= can take one of these three values:4	#     enforcing - SELinux security policy is enforced.5	#     permissive - SELinux prints warnings instead of enforcing.6	#     disabled - No SELinux policy is loaded.7	# See also:8	# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/using_selinux/changing-selinux-states-and-modes_using-selinux#changing-selinux-modes-at-boot-time_changing-selinux-states-and-modes9	#10	# NOTE: Up to RHEL 8 release included, SELINUX=disabled would also11	# fully disable SELinux during boot. If you need a system with SELinux12	# fully disabled instead of SELinux running with no policy loaded, you13	# need to pass selinux=0 to the kernel command line. You can use grubby14	# to persistently set the bootloader to boot with selinux=0:15	#16	#    grubby --update-kernel ALL --args selinux=017	#18	# To revert back to SELinux enabled:19	#20	#    grubby --update-kernel ALL --remove-args selinux21	#22	SELINUX=disabled    #注意23	# SELINUXTYPE= can take one of these three values:24	#     targeted - Targeted processes are protected,25	#     minimum - Modification of targeted policy. Only selected processes are protected.26	#     mls - Multi Level Security protection.27	SELINUXTYPE=targeted28	
29	​​​

firewalld

[root@localhost ~]# systemctl disable firewalld
[root@localhost ~]# 
[root@localhost ~]# 
[root@localhost ~]# 
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# 

重启服务器

[root@localhost ~]#reboot

查询防火墙是否关闭

[root@localhost ~]# sestatus
SELinux status:                 disabled
[root@localhost ~]# systemctl status firewalld
○ firewalld.service - firewalld - dynamic firewall daemonLoaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; preset: >Active: inactive (dead)Docs: man:firewalld(1)
[root@localhost ~]# iptables -vnL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)pkts bytes target     prot opt in     out     source               destination         Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)pkts bytes target     prot opt in     out     source               destination         Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)pkts bytes target     prot opt in     out     source               destination         
[root@localhost ~]#