3-7. iptables (firewall) & selinux

Keywords: firewall SELinux iptables Python

1. iptables

1) Check the status of the firewall

On CentOS 7 the firewall service is firewalld, a dynamic front end that still programs iptables rules underneath; the old iptables.service only exists if the iptables-services package is installed

[root@localhost ~]# systemctl status firewalld 
firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
   Active: active (running) since Mon 2017-12-11 13:48:25 CST; 3 days ago         //"running" means the firewall is currently up
 Main PID: 721 (firewalld)
   CGroup: /system.slice/firewalld.service
           └─721 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

Dec 11 13:48:25 localhost.localdomain systemd[1]: Starting firewalld - dynamic firewall daemon...
Dec 11 13:48:25 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.
Hint: Some lines were ellipsized, use -l to show in full.

2) To expose a service to the network you must open its port in the firewall. By default the public zone only admits ssh and dhcpv6-client; other inbound requests are rejected
3) If configuring the firewall for a service is too cumbersome, firewalld can be stopped and disabled. Note that this removes all host-based filtering, so on any network-facing host it is better to open only the ports the service needs (firewall-cmd --add-service / --add-port) and leave firewalld running

[root@localhost ~]# systemctl stop firewalld                   //Stop the running service (rules are flushed)
[root@localhost ~]# systemctl disable firewalld                //Do not start firewalld at boot
rm '/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service'              
rm '/etc/systemd/system/basic.target.wants/firewalld.service'
[root@localhost ~]# systemctl status firewalld                 
firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled)
   Active: inactive (dead)                                      //Stopped (inactive)

Dec 11 13:48:25 localhost.localdomain systemd[1]: Starting firewalld - dynamic firewall daemon...
Dec 11 13:48:25 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.
Dec 14 23:10:14 localhost.localdomain systemd[1]: Stopping firewalld - dynamic firewall daemon...
Dec 14 23:10:15 localhost.localdomain systemd[1]: Stopped firewalld - dynamic firewall daemon.
Hint: Some lines were ellipsized, use -l to show in full.
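The alternative to stopping firewalld, as an added example that is not part of the original post: open only what a service needs and keep the firewall running. The functions fw, open_service, open_port and show_rules and the DRY_RUN switch are assumptions of this example; with DRY_RUN=1 (or on a host without firewall-cmd) the script prints the firewall-cmd commands instead of executing them, so it can be read and checked anywhere.

```sh
#!/bin/sh
# Added example (not from the original post): open only the ports a service
# needs instead of disabling firewalld.
# fw() wraps firewall-cmd; with DRY_RUN=1, or when firewall-cmd is not installed,
# it prints the command instead of running it.

fw() {
    if [ "${DRY_RUN:-0}" = "1" ] || ! command -v firewall-cmd >/dev/null 2>&1; then
        echo "firewall-cmd $*"
    else
        firewall-cmd "$@"
    fi
}

# Allow a predefined service (an XML file under /usr/lib/firewalld/services,
# e.g. http, https, ssh) in the default zone: the runtime rule takes effect
# immediately, the --permanent one survives reload and reboot.
open_service() {
    svc=$1
    fw --add-service="$svc" &&
    fw --permanent --add-service="$svc"
}

# Allow a raw port/protocol (e.g. 8080 tcp) when no service definition exists.
# Malformed input is rejected before anything reaches firewall-cmd.
open_port() {
    port=$1; proto=$2
    case $port in
        ''|*[!0-9]*) echo "open_port: bad port '$port'" >&2; return 2 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "open_port: port out of range" >&2; return 2; }
    case $proto in
        tcp|udp) ;;
        *) echo "open_port: protocol must be tcp or udp" >&2; return 2 ;;
    esac
    fw --add-port="$port/$proto" &&
    fw --permanent --add-port="$port/$proto"
}

# Show what the default zone admits. On a real CentOS 7 host the same rules can
# be seen in the iptables chain firewalld generates: iptables -S IN_public_allow
show_rules() {
    fw --list-all
}

# Usage: open the web ports and a custom application port, then review the zone.
if [ "${1:-}" = "run" ]; then
    open_service http
    open_service https
    open_port 8080 tcp
    show_rules
fi
```

Run it as "sh open-ports.sh run" on the host; set DRY_RUN=1 first to see the exact firewall-cmd invocations before they are applied.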

2. selinux

1) Show the SELinux mode
There are three modes

1.enforcing                         //Policy enforced: denied accesses are blocked and logged
2.disabled                          //No policy loaded; switching to or from this mode needs a reboot
3.permissive                        //Denials are only logged (/var/log/audit/audit.log), not blocked
[root@localhost ~]# getenforce             //Show the current mode
Disabled

2) If SELinux does not need to be on for some reason (for example, the service only runs on an isolated local network), it can be disabled as follows. Prefer permissive over disabled where possible: permissive keeps files labelled and records the denials so the policy can be fixed later, whereas after running disabled the file system must be relabelled (touch /.autorelabel, then reboot) before SELinux can be turned back on

[root@localhost ~]# vim /etc/selinux/config                        //config file
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled                                                    //Disabled: no policy loaded at the next boot
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted
[root@localhost ~]# reboot                                         //The config file is only read at boot; setenforce 0 switches to permissive immediately without a reboot
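The mode change above done with a script instead of by hand, as an added example that is not part of the original post. It validates the mode, rewrites SELINUX= in the config file and, for enforcing/permissive, applies the change at runtime with setenforce. The functions config_mode, set_config_mode and set_runtime_mode and the CONFIG variable are assumptions of this example; CONFIG defaults to /etc/selinux/config and can be pointed at a copy for testing.

```sh
#!/bin/sh
# Added example (not from the original post): change the SELinux mode without
# editing /etc/selinux/config by hand. Only the boot-time file and the
# setenforce switch are touched; disabled still needs a reboot, and coming back
# from disabled to enforcing needs a relabel (touch /.autorelabel; reboot).

CONFIG=${CONFIG:-/etc/selinux/config}

# Print the boot-time mode recorded in the config file
# (enforcing|permissive|disabled). SELINUXTYPE= is not matched.
config_mode() {
    sed -n 's/^SELINUX=[[:space:]]*\([a-z]*\).*/\1/p' "${1:-$CONFIG}" | head -n 1
}

# Rewrite the SELINUX= line. Returns 2 for an invalid mode and leaves the file
# untouched; sed -i is not POSIX, so a temp file is written and moved into place.
set_config_mode() {
    mode=$1; file=${2:-$CONFIG}
    case $mode in
        enforcing|permissive|disabled) ;;
        *) echo "set_config_mode: invalid mode '$mode'" >&2; return 2 ;;
    esac
    tmp=$(mktemp) || return 1
    sed "s/^SELINUX=.*/SELINUX=$mode/" "$file" > "$tmp" && mv "$tmp" "$file"
}

# Change the running mode immediately (no reboot). setenforce can only toggle
# between enforcing (1) and permissive (0); it cannot disable SELinux.
set_runtime_mode() {
    mode=$1
    command -v setenforce >/dev/null 2>&1 || { echo "setenforce not available" >&2; return 1; }
    case $mode in
        enforcing)  setenforce 1 ;;
        permissive) setenforce 0 ;;
        *) echo "set_runtime_mode: use enforcing or permissive" >&2; return 2 ;;
    esac
}

# Usage: move the host to permissive now and at boot, then report both states.
# Denials collected while permissive can be reviewed with
# ausearch -m AVC -ts recent | audit2why  (policycoreutils-python / audit packages).
if [ "${1:-}" = "permissive" ]; then
    set_config_mode permissive
    set_runtime_mode permissive
    echo "boot mode: $(config_mode)   runtime: $(getenforce 2>/dev/null || echo unknown)"
fi
```

Run it as "sh selinux-mode.sh permissive" as root. To test the file handling without touching the real config, copy /etc/selinux/config somewhere and run the functions with CONFIG pointed at the copy.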

Posted by Adam W on Sun, 10 May 2020 09:00:35 -0700