I. Firewall configuration
1. Check for and disable the system's default firewall (firewalld)
- systemctl status firewalld.service #check whether firewalld is running
- systemctl stop firewalld.service #stop firewalld
- systemctl disable firewalld.service #prevent firewalld from starting at boot
2. Check for and install iptables
- yum install iptables-services
Write the rules to the iptables configuration file:
- vim /etc/sysconfig/iptables
Contents of the iptables file:
- *filter
- :INPUT ACCEPT [0:0]
- :FORWARD ACCEPT [0:0]
- :OUTPUT ACCEPT [0:0]
- -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
- -A INPUT -p icmp -j ACCEPT
- -A INPUT -i lo -j ACCEPT
- -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
- -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
- -A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
- -A INPUT -j REJECT --reject-with icmp-host-prohibited
- -A FORWARD -j REJECT --reject-with icmp-host-prohibited
- COMMIT
Restart the iptables service:
- systemctl restart iptables.service
Enable the iptables service at boot:
- systemctl enable iptables.service
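Before restarting the service, the rules file can be linted for two mistakes that are easy to make when copying rules from a web page: typographic dashes in place of `--`, and rules placed after the catch-all REJECT. The script below is an added example, not part of the original post; `audit_rules` and `sample_rules` are hypothetical helper names, and the sample ruleset is constructed from the rules listed above.

```shell
#!/bin/sh
# Added example (not from the original post): lint an iptables-restore rules
# file. Prints findings and the TCP ports accepted; returns 0 when clean.
audit_rules() {
    awk '
    # Typographic dashes pasted from a web page are not valid option prefixes.
    index($0, "–") || index($0, "—") {
        printf "line %d: typographic dash, write -- instead\n", NR; bad = 1
    }
    $1 == ":INPUT" { policy = $2 }
    $1 == "-A" && $2 == "INPUT" {
        # Rules are evaluated top-down: anything after the catch-all is dead.
        if (closed) { printf "line %d: rule after the catch-all never matches\n", NR; bad = 1 }
        if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) closed = 1
        for (i = 3; i < NF; i++)
            if ($i == "--dport" && $0 ~ /-j ACCEPT/) ports = ports " " $(i + 1)
    }
    END {
        if (!closed && policy != "DROP") { print "INPUT chain is never closed by REJECT/DROP"; bad = 1 }
        print "tcp ports accepted:" ports
        exit bad + 0
    }' "$1"
}

# Constructed sample: the ruleset from this page, typed with ASCII "--".
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

tmp=$(mktemp); sample_rules > "$tmp"; audit_rules "$tmp"; rm -f "$tmp"
```

On a live host, `iptables-restore --test < /etc/sysconfig/iptables` additionally has iptables itself parse the file without applying it.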
II. Disable SELinux
- vim /etc/selinux/config
Change it to:
- #SELINUX=enforcing #commented out
- #SELINUXTYPE=targeted #commented out
- SELINUX=disabled #added
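Apply the change to the running system (setenforce 0 switches SELinux to permissive mode; SELINUX=disabled takes effect at the next reboot):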
- setenforce 0