CentOS 7 - System Security

kmoon_b426 2022-06-14

firewalld

Add the http service to the allowed exceptions

firewall-cmd --permanent --add-service=http
firewall-cmd --reload
firewall-cmd --list-services

Add port tcp/80 to the allowed exceptions

firewall-cmd --permanent --add-port=80/tcp
firewall-cmd --reload
firewall-cmd --list-ports

Add the port range tcp/5900-5910 to the allowed exceptions

firewall-cmd --permanent --add-port=5900-5910/tcp
firewall-cmd --reload
firewall-cmd --list-ports

Other

firewall-cmd --get-services
firewall-cmd --get-zones
firewall-cmd --get-default-zone
firewall-cmd --permanent --zone=public --add-service=http

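Deny access from a specific IP

# Add
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='192.168.10.15' reject"
# Remove
firewall-cmd --permanent --remove-rich-rule="rule family='ipv4' source address='192.168.10.15' reject"
# Reload so the permanent change takes effect, then verify
firewall-cmd --reload
firewall-cmd --list-rich-rules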


SELINUX

Check the SELinux status

getenforce

Temporarily disable SELinux (switches to permissive mode until the next reboot)

setenforce 0

Permanently disable SELinux (edit the configuration file /etc/selinux/config)

Note: do NOT modify SELINUXTYPE!

SELINUX=permissive


# Replace only the SELINUX= line; SELINUXTYPE must stay as it is
sed -i "/^SELINUX=/c SELINUX=permissive" /etc/selinux/config
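
The config edit described above (SELINUX=permissive, SELINUXTYPE left alone) as a reusable function. This is an added example, not the author's code: it keeps a backup, rewrites only the SELINUX= line, and restores the backup if SELINUXTYPE changed. The names set_selinux_mode and make_sample_config and the sample file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper names): set SELINUX= safely in an
# SELinux config file without ever touching SELINUXTYPE.

set_selinux_mode() {
    cfg=$1; mode=$2
    case $mode in
        enforcing|permissive|disabled) ;;
        *) echo "invalid mode: $mode" >&2; return 2 ;;
    esac
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 1; }

    # Remember the policy type so we can prove it was not changed.
    type_before=$(grep '^SELINUXTYPE=' "$cfg" || true)

    cp -p "$cfg" "$cfg.bak" || return 1
    if grep -q '^SELINUX=' "$cfg.bak"; then
        # The pattern '^SELINUX=' cannot match the SELINUXTYPE= line.
        sed "s/^SELINUX=.*/SELINUX=$mode/" "$cfg.bak" > "$cfg" || return 1
    else
        printf 'SELINUX=%s\n' "$mode" >> "$cfg" || return 1
    fi

    type_after=$(grep '^SELINUXTYPE=' "$cfg" || true)
    if [ "$type_before" != "$type_after" ]; then
        cp -p "$cfg.bak" "$cfg"
        echo "SELINUXTYPE changed, backup restored" >&2
        return 1
    fi
    # Print the resulting mode line for the caller to check.
    grep '^SELINUX=' "$cfg"
}

# Constructed sample config with the same layout as /etc/selinux/config.
make_sample_config() {
    cat > "$1" <<'EOF'
# This file controls the state of SELinux on the system.
SELINUX=enforcing
SELINUXTYPE=targeted
EOF
}
```

On a real host, run it as root with /etc/selinux/config as the first argument; the change to the file applies at the next boot.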


iptables (CentOS 6)

service iptables start
service iptables stop
service iptables status
chkconfig iptables on
chkconfig iptables off
chkconfig | grep iptables

