1. Disable the default firewall

  1. Stop the firewall
service firewalld stop
or
systemctl stop firewalld.service
  2. Start the firewall
service firewalld start
or
systemctl start firewalld.service
  3. Restart the firewall
service firewalld restart
or
systemctl restart firewalld.service
  4. Prevent the firewall from starting at boot
systemctl disable firewalld.service

Check the default firewall's status: firewall-cmd --state (shows "not running" when stopped and "running" when started)

2. Install the iptables firewall

yum install -y iptables-services

3. Configure the iptables firewall rules

  1. Edit the file
vim /etc/sysconfig/iptables
  2. Add the following content
# sample configuration for iptables service
# you can edit this manually or use system-config-firewall
# please do not ask us to add additional ports/services to this default configuration
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
# allow access to port 22
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
# allow access to port 80
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
# ...
-A INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
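
Added example, not part of the original notes: iptables-restore accepts only whole lines starting with # as comments, so a comment trailing a rule makes the file fail to load. The audit below flags such lines and lists ports accepted from any source; the sample rules and the 192.0.2.10 address are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an iptables-services rules file before restarting the service.

# Constructed sample in iptables-save format (192.0.2.10 is a documentation address).
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT    #open port 22
# open port 80
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -s 192.0.2.10/32 -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Reads a rules file on stdin and prints one finding per line:
#   INLINE_COMMENT line N       rule line carrying a trailing "#" comment
#   OPEN_TO_ANY port P line N   ACCEPT rule for a port with no -s/--source limit
# A "#" inside a quoted --comment string is also flagged; review those by hand.
audit_rules() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # whole-line comments and blanks are valid
    /^-A / {
        if ($0 ~ /[ \t]#/) print "INLINE_COMMENT line " NR
        if ($0 ~ / -j ACCEPT/ && $0 !~ / (-s|--source) /)
            for (i = 1; i < NF; i++)
                if ($i == "--dport") print "OPEN_TO_ANY port " $(i + 1) " line " NR
    }'
}

sample_rules | audit_rules
```

Run it on the real file with `audit_rules < /etc/sysconfig/iptables`; `iptables-restore --test < /etc/sysconfig/iptables` additionally parses the file without committing it.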

4. Manage the iptables service

  1. Restart the service
service iptables restart
or
systemctl restart iptables.service
  2. Enable the firewall at boot
systemctl enable iptables.service

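5. Disable SELinux

  1. Edit the configuration
vi /etc/selinux/config
#SELINUX=enforcing              # comment out this line
#SELINUXTYPE=targeted           # comment out this line
SELINUX=disabled                # add this line

Save and exit.
  2. Apply the change
setenforce 0                    # takes effect immediately (permissive mode; SELINUX=disabled applies after a reboot)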