[root@hanfeng-001 ~]# vi /etc/selinux/config
将SELINUX=enforcing更改为SELINUX=disabled
然后再重启系统,SELinux 就会被永久关闭(修改在重启后才生效;关闭后系统不再有 SELinux 的强制访问控制,若只是为了排查问题,可改用 SELINUX=permissive,只记录不拦截)
(注意只修改 SELINUX= 这一行;若是误改了 SELINUXTYPE=targeted 这一行,系统就会无法启动!!!千万注意)
[root@hanfeng-001 ~]# getenforce
Enforcing
[root@hanfeng-001 ~]# setenforce 0 //临时切换为Permissive模式(只记录、不拦截),重启后失效
[root@hanfeng-001 ~]# getenforce
Permissive
[root@hanfeng-001 ~]#
关闭firewalld
[root@hf-01 ~]# systemctl disable firewalld //禁用firewalld,即禁止其开机启动
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.
[root@hf-01 ~]# systemctl stop firewalld //关闭firewalld服务
开启netfilter
在开启之前,需要先安装一个iptables-services包
[root@hf-01 ~]# yum install -y iptables-services
[root@hf-01 ~]# systemctl enable iptables //设置开机启动
Created symlink from /etc/systemd/system/basic.target.wants/iptables.service to /usr/lib/systemd/system/iptables.service.
[root@hf-01 ~]# systemctl start iptables //开启iptables服务
[root@hf-01 ~]#
[root@hf-01 ~]# iptables -nvL //查看默认规则
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
35 2436 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT 22 packets, 3152 bytes)
pkts bytes target prot opt in out source destination
[root@hf-01 ~]#