关闭selinux
[root@chyuanliuNJ ~]# setenforce 0 setenforce: SELinux is disabled [root@chyuanliuNJ ~]# vi /etc/selinux/config # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=disabled # SELINUXTYPE= can take one of three two values: # targeted - Targeted processes are protected, # minimum - Modification of targeted policy. Only selected processes are protected. # mls - Multi Level Security protection. SELINUXTYPE=targeted [root@chyuanliuNJ ~]# getenforce Disabled
centos7之前使用netfilter防火墙,之后开始使用firewalld防火墙,防火墙机制不太一样,但是工具用法iptables一样。两个防火墙都要懂。
netfilter使用,可以在7上关闭firewalld开启netfilter。
[root@chyuanliuNJ ~]# systemctl disable firewalld [root@chyuanliuNJ ~]# systemctl stop firewalld [root@chyuanliuNJ ~]# yum install -y iptables-services ... ... [root@chyuanliuNJ ~]# systemctl enable iptables Created symlink from /etc/systemd/system/basic.target.wants/iptables.service to /usr/lib/systemd/system/iptables.service. [root@chyuanliuNJ ~]# systemctl start iptables
netfilter的5个表
filter表用于过滤包,最常用的表,有INPUT、FORWARD、OUTPUT三个链
nat表用于网络地址转换,有PREROUTING、OUTPUT、POSTROUTING三个链
managle表用于给数据包做标记,几乎用不到
raw表可以实现不追踪某些数据包,不常用。
security表在CentOS6中并没有,用于强制访问控制(MAC)的网络规则,不常用。
参考文献 http://www.cnblogs.com/metoy/p/4320813.html
原文:http://www.cnblogs.com/chyuanliu/p/7922767.html