Disabling the Firewall on CentOS 7.x
2021-04-28
明训
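Background
When deploying services, configuring firewall rules is relatively complex, yet without them the application cannot be reached. Application security is usually handled by a hardware vendor's firewall, so the firewall needs little attention at the application level. This article gives a procedure for turning off the firewall on an application server.
Solution
Check the status
Method 1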
[root@sis01 zkui2.0]# systemctl list-unit-files|grep firewalld.service
firewalld.service enabled
Method 2
[root@sis01 zkui2.0]# systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2018-05-25 16:25:39 CST; 2 days ago
Docs: man:firewalld(1)
Main PID: 1151 (firewalld)
CGroup: /system.slice/firewalld.service
└─1151 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
May 25 16:25:38 localhost.localdomain systemd[1]: Starting firewalld - dynamic firewall daemon...
May 25 16:25:39 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.
Method 3
[root@sis01 zkui2.0]# firewall-cmd --state
not running
[root@sis01 zkui2.0]#
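In the output above, "enabled" and "active (running)" show that the firewall is turned on (firewall-cmd --state prints "not running" only after the service has been stopped).
Stop command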
[root@sis01 zkui2.0]# systemctl stop firewalld.service
Disable command
[root@sis01 zkui2.0]# systemctl disable firewalld.service
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.
[root@sis01 zkui2.0]#
Disable SELinux
[root@sis01 zkui2.0]# setenforce 0
Edit the configuration file /etc/selinux/config
[root@sis01 zkui2.0]# vim /etc/selinux/config
Original file contents
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
File contents after the change
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
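The replacement can also be done with the following command:
# Anchored to the SELINUX= line so that the comment lines containing "enforcing" are left unchanged
sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config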
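The same edit to /etc/selinux/config written as shell functions that rewrite only the SELINUX= line, keep a backup, and also handle a file currently set to permissive. This is an added example, not part of the original article; the function names are hypothetical and the sample file is constructed.

```shell
# Added example, not from the original article; function names are hypothetical.

# Print the value of the SELINUX= setting line in config file $1.
selinux_config_mode() {
    sed -n 's/^SELINUX=\([a-z]*\)[[:space:]]*$/\1/p' "$1" | tail -n 1
}

# Set SELINUX=$2 in file $1, rewriting only the setting line.
# Keeps the previous file as $1.bak; rejects unknown modes and files
# that have no SELINUX= line.
set_selinux_config_mode() {
    case "$2" in
        enforcing|permissive|disabled) ;;
        *) echo "invalid mode: $2" >&2; return 2 ;;
    esac
    grep -q '^SELINUX=' "$1" || { echo "no SELINUX= line in $1" >&2; return 1; }
    cp -p "$1" "$1.bak" &&
        sed "s/^SELINUX=.*/SELINUX=$2/" "$1.bak" > "$1"
}

# Constructed sample input: a trimmed copy of the file, set to permissive,
# a case where a plain s/enforcing/disabled/g leaves the setting unchanged.
write_sample_config() {
    cat > "$1" <<'EOF'
# This file controls the state of SELinux on the system.
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
SELINUX=permissive
SELINUXTYPE=targeted
EOF
}

# Demo on a temporary file, never on /etc/selinux/config itself.
demo=$(mktemp)
write_sample_config "$demo"
echo "before: $(selinux_config_mode "$demo")"
set_selinux_config_mode "$demo" disabled
echo "after:  $(selinux_config_mode "$demo")"
diff "$demo.bak" "$demo" || true    # only the SELINUX= line differs
rm -f "$demo" "$demo.bak"
```

The value in the file is read at boot, so getenforce reports the new mode only after a restart; setenforce 0 changes the running mode to permissive in the meantime.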