linux永久關閉防火牆命令

A. linux闃茬伀澧欏叧闂鍜屽紑鍚鍛戒護linux闃茬伀澧欏叧闂

linux濡備綍鍏抽棴闃茬伀澧欙紵

rhel6鍏抽棴闃茬伀澧欑殑鏂規硶涓猴細serviceiptablesstatus鏌ョ湅褰撳墠闃茬伀澧欑姸鎬1.姘鎬箙鎬х敓鏁堝紑鍚錛歝hkconfigiptableson鍏抽棴錛歝hkconfigiptablesoff2.鍗蟲椂鐢熸晥錛岄噸鍚鍚庡け鏁堝紑鍚錛歴erviceiptablesstart鍏抽棴錛歴erviceiptablesstoprhel7鍏抽棴闃茬伀澧欑殑鏂規硶媯鑰呬負錛歴ystemctlstatusfirewalld鏌ョ湅褰撳墠闃茬伀澧欑姸鎬1.姘鎬箙鎬х敓鏁堝紑鍚錛歴ystemctlenablefirewalld鍏抽棴錛歴ystemctldisablefirewalld2.鍗蟲椂鐢熸晥錛岄噸鍚鍚庡け鏁堝紑鍚錛歴ystemctlstartfirewalld鍏抽棴錛歴ystemctlstopfirewalld

linux濡備綍鍏抽棴nginx闃茬伀澧欙紵

Linux鍏抽棴Nginx闃茬伀澧欑殑鍛戒護鏄錛氭や婦鍚

firewall-cmd--remove-port=80/tcp--permanent

firewall-cmdreload

systemctlrestartfirewalld.service

linux6.0淇鏀歸槻鐏澧欒劇疆錛

鏀筁inux緋葷粺闃茬伀澧欓厤緗闇瑕佷慨鏀/etc/sysconfig/iptables榪欎釜鏂囦歡

vim/etc/sysconfig/iptables

鍦╲im緙栬緫鍣錛屼細鐪嬪埌涓嬬瓟鏍擱潰鐨勫唴瀹

#-config-firewall

#.

*filter

:INPUTACCEPT

:FORWARDACCEPT

:OUTPUTACCEPT

-AINPUT-mstate--stateESTABLISHED,RELATED-jACCEPT

-AINPUT-picmp-jACCEPT

-AINPUT-ilo-jACCEPT

-AINPUT-mstate--stateNEW-mtcp-ptcp--dport22-jACCEPT

-AINPUT-mstate--stateNEW-mtcp-ptcp--dport8080-jACCEPT

-AINPUT-mstate--stateNEW-mtcp-ptcp--dport3306-jACCEPT

-AINPUT-mstate--stateNEW-mtcp-ptcp--dport2181-jACCEPT

-AINPUT-jREJECT--reject-withicmp-host-prohibited

-AFORWARD-jREJECT--reject-withicmp-host-prohibited

COMMIT

闇瑕佸紑鏀劇鍙ｏ紝璇峰湪閲岄潰娣誨姞涓鏉′竴涓嬪唴瀹瑰嵆鍙:

-ARH-Firewall-1-INPUT-mstate--stateNEW-mtcp-ptcp--dport1521-jACCEPT

鍏朵腑1521鏄瑕佸紑鏀劇殑絝鍙ｅ彿錛岀劧鍚庨噸鏂板惎鍔╨inux鐨勯槻鐏澧欐湇鍔°

Linux涓嬪仠姝/鍚鍔ㄩ槻鐏澧欐湇鍔＄殑鍛戒護(root鐢ㄦ埛浣跨敤)錛

serviceiptablesstop--鍋滄

serviceiptablesstart--鍚鍔

鍐欏湪鏈鍚:

#姘鎬箙鎬х敓鏁堬紝閲嶅惎鍚庝笉浼氬嶅師

chkconfigiptableson#寮鍚

chkconfigiptablesoff#鍏抽棴

#鍗蟲椂鐢熸晥錛岄噸鍚鍚庡嶅師

serviceiptablesstart#寮鍚

serviceiptablesstop#鍏抽棴

Linux鍐呮牳鎻愪緵闃茬伀澧欏悧錛

鎻愪緵

SElinux鏄鍩轟簬鍐呮牳寮鍙戝嚭鏉ョ殑涓縐嶅畨鍏ㄦ満鍒訛紝琚縐頒箣涓哄唴鏍哥駭鍔犲己鍨嬮槻鐏澧欙紝鏈夊姏鐨勬彁鍗囦簡緋葷粺鐨勫畨鍏ㄦс

SElinux鐨勪綔鐢ㄥ垎涓轟袱鏂歸潰錛1.鍦ㄦ湇鍔′笂闈㈠姞涓婃爣絳撅紱2.鍦ㄥ姛鑳戒笂闈㈤檺鍒跺姛鑳

鍦╨inux緋葷粺涓浣跨敤getenforce鍛戒護鍙浠ユ煡鐪媠elinux鐨勭姸鎬侊細

disabled涓哄叧闂鐘舵侊紝瀵規湇鍔″拰鍔熻兘閮芥病鏈夐檺鍒

enforcing涓哄己鍒剁姸鎬侊紝瀵規湇鍔″拰鍔熻兘閮借繘琛岄檺鍒

linux涓鎬庢牱鏌ョ湅闃茬伀澧欐槸鍚﹀叧闂浜嗭紵

璇︾粏姝ラゅ備笅錛

1銆佹墦寮Linux緋葷粺榪涘叆妗岄潰錛岀偣鍑諱笂鏂硅彍鍗曟爮澶勩愮郴緇熴戦夐」錛

2銆佸湪寮瑰嚭鐨勮彍鍗曟爮涓錛屼緷嬈＄偣鍑匯愮＄悊銆戱紝銆愰槻鐏澧欍戦夐」錛

3銆佽繘鍏ラ槻鐏澧欑晫闈錛岃緭鍏ョ敤鎴峰瘑鐮侊紝榪涜屽畨鍏ㄩ獙璇侊紱

4銆佽繛鎺ユ湇鍔″櫒鍚庯紝杈撳叆璇鍙モ榮erviceiptablesstatus鈥欙紝鍥炶濺錛屼細鏄劇ず闃茬伀澧欑姸鎬侊紱

5銆佽緭鍏ヨ鍙モ榗hkconfigiptableson鈥欙紝鍙浠ュ紑鍚闃茬伀澧欍傛垨鑰呬嬌鐢ㄨ鍙モ榗hkconfigiptablesoff鈥欙紝鍏抽棴闃茬伀澧欙紝闇瑕侀噸鍚鍚庣敓鏁堛

B. 鎬庝箞鍏抽棴linux闃茬伀澧欏叧闂璴inux闃茬伀澧

linux濡備綍鍏抽棴闃茬伀澧欙紵

rhel6鍏抽棴闃茬伀澧欑殑鏂規硶涓猴細serviceiptablesstatus鏌ョ湅褰撳墠闃茬伀澧欑姸鎬1.姘鎬箙鎬х敓鏁堝紑鍚錛歝hkconfigiptableson鍏抽棴錛歝hkconfigiptablesoff2.鍗蟲椂鐢熸晥錛岄噸鍚鍚庡け鏁堝紑鍚錛歴erviceiptablesstart鍏抽棴錛歴erviceiptablesstoprhel7鍏抽棴闃茬伀澧欑殑鏂規硶涓猴細systemctlstatusfirewalld鏌ョ湅褰撳墠闃茬伀澧欑姸鎬1.姘鎬箙鎬х敓鏁堝紑鍚錛歴ystemctlenablefirewalld鍏抽棴錛歴ystemctldisablefirewalld2.鍗蟲椂鐢熸晥錛岄噸鍚鍚庡け鏁堝紑鍚錛歴ystemctlstartfirewalld鍏抽棴錛歴ystemctlstopfirewalld

Linux榪滅▼鐧婚檰闇瑕佸叧闂闃茬伀澧欏槢錛

闇瑕佸叧闂闃茬伀杞鑰呭

鎴戝湪涓繪満鍜岃櫄鎷熸満涓婅繘琛屼簡榪炴帴嫻嬭瘯錛宨p鍜宲ort閮芥病鏈夐棶棰橈紝JMX絝鍙ｄ篃璁劇疆浜嗛槻鐏澧欏紑鏀撅紝浣嗗氨鏄涓嶆垚鍔

鍚庢潵鏌ヨ繃璧勬枡鍙戠幇鏄鍥犱負闄よ厞甯嗚柉浜咼MXserver鎸囧畾鐨勭洃鍚絝鍙ｅ彿澶栵紝杞挎棶JMXserver榪樹細鐩戝惉涓鍒頒袱涓闅忔満絝鍙ｅ彿錛岃繖浜涚鍙ｅ彿閮芥槸闅忔満鍒嗛厤鐨勶紝鍙鏈夊叧闂闃茬伀澧欐墠鑳芥垚鍔熻繛鎺ャ

linux闃茬伀澧欑殑鍚鍔ㄥ拰鍏抽棴鐨勫懡浠ゆ槸浠涔堬紵

LINUX緋葷粺鍏抽棴闃茬伀澧欑殑姝ラゅ備笅錛

1.棣栧厛鎵撳紑SSH杞浠訛紝鎸夊洖杞﹂敭灝變細鎻愮ず浣犺繘琛岀櫥褰曪紝杈撳叆IP鍜岀敤鎴峰悕榪涜岀櫥褰曘

2.鎵ц屽懡浠わ細/etc/init.d/iptablesstatus錛屼細寰楀埌涓緋誨垪淇℃伅錛岃存槑闃茬伀澧欏紑鐫銆

3.鎵ц屽懡浠わ細/etc/init.d/iptablesstop錛屽仠姝㈡湇鍔°

4.鎵ц屽懡浠わ細chkconfig--levels35iptablesoff錛屽叧闂闃茬伀澧欐湇鍔″紑鏈哄惎鍔ㄣ傝繖鏍峰氨瑙ｅ喅浜哃INUX緋葷粺鍏抽棴闃茬伀澧欑殑闂棰樹簡銆

linux6.0淇鏀歸槻鐏澧欒劇疆錛

鏀筁inux緋葷粺闃茬伀澧欓厤緗闇瑕佷慨鏀/etc/sysconfig/iptables榪欎釜鏂囦歡

vim/etc/sysconfig/iptables

鍦╲im緙栬緫鍣錛屼細鐪嬪埌涓嬮潰鐨勫唴瀹

#-config-firewall

#.

*filter

:INPUTACCEPT

:FORWARDACCEPT

:OUTPUTACCEPT

-AINPUT-mstate--stateESTABLISHED,RELATED-jACCEPT

-AINPUT-picmp-jACCEPT

-AINPUT-ilo-jACCEPT

-AINPUT-mstate--stateNEW-mtcp-ptcp--dport22-jACCEPT

-AINPUT-mstate--stateNEW-mtcp-ptcp--dport8080-jACCEPT

-AINPUT-mstate--stateNEW-mtcp-ptcp--dport3306-jACCEPT

-AINPUT-mstate--stateNEW-mtcp-ptcp--dport2181-jACCEPT

-AINPUT-jREJECT--reject-withicmp-host-prohibited

-AFORWARD-jREJECT--reject-withicmp-host-prohibited

COMMIT

闇瑕佸紑鏀劇鍙ｏ紝璇峰湪閲岄潰娣誨姞涓鏉′竴涓嬪唴瀹瑰嵆鍙:

-ARH-Firewall-1-INPUT-mstate--stateNEW-mtcp-ptcp--dport1521-jACCEPT

鍏朵腑1521鏄瑕佸紑鏀劇殑絝鍙ｅ彿錛岀劧鍚庨噸鏂板惎鍔╨inux鐨勯槻鐏澧欐湇鍔°

Linux涓嬪仠姝/鍚鍔ㄩ槻鐏澧欐湇鍔＄殑鍛戒護(root鐢ㄦ埛浣跨敤)錛

serviceiptablesstop--鍋滄

serviceiptablesstart--鍚鍔

鍐欏湪鏈鍚:

#姘鎬箙鎬х敓鏁堬紝閲嶅惎鍚庝笉浼氬嶅師

chkconfigiptableson#寮鍚

chkconfigiptablesoff#鍏抽棴

#鍗蟲椂鐢熸晥錛岄噸鍚鍚庡嶅師

serviceiptablesstart#寮鍚

serviceiptablesstop#鍏抽棴

C. 鍏抽棴闃茬伀澧檒inux鍛戒護

浠ヤ笅鏄鍏抽棴闃茬伀澧檒inux鍛戒護銆
鏆傛椂鍏抽棴闃茬伀澧欙紝浣跨敤浠ヤ笅鍛戒護錛歴udosystemctlstopfirewalld姘鎬箙鍏抽棴闃茬伀澧欙細sudosystemctldisablefirewalld闃茬伀澧欐槸淇濇姢緋葷粺瀹夊叏鐨勯噸瑕佺粍鎴愰儴鍒嗭紝鍏抽棴闃茬伀澧欎細浣跨郴緇熼潰涓村簡鐨鍚勭嶅畨鍏ㄩ庨櫓銆傚湪鍏抽棴闃茬伀澧欎箣鍓嶏紝紜淇濅簡瑙ｆ墍鎵挎媴鐨勯庨櫓宸炲皹錛屽苟涓旇獕榪瑰樊宸茬粡閲囧彇浜嗗叾浠栧繀瑕佺殑瀹夊叏鎺鏂姐

D. linux關閉防火牆命令

關閉防火牆的linux命令是【service iptables stop】，打開方法：首先登錄linux賬號，點擊【log in】；然後右鍵於Linux系統空白處，選擇 【Open in Terminal】；最後輸入代碼即可。

red hat/CentOs7關閉防火牆的命令!

1:查看防火狀態

systemctl status firewalld

service iptablesstatus

2:暫時關閉防火牆

systemctl stop firewalld

service iptablesstop

3:永久關閉防火牆

systemctl disable firewalld

chkconfig iptables off

4:重啟防火牆

systemctl enable firewalld

service iptables restart

5:永久關閉後重啟

//暫時還沒有試過

chkconfig iptableson

E. LINUX緋葷粺鎬庝箞鍏抽棴闃茬伀澧

LINUX緋葷粺鎬庝箞鍏抽棴闃茬伀澧?
鎵璋撻槻鐏澧欐寚鐨勬槸涓涓鐢辮蔣浠跺拰紜浠惰懼囩粍鍚堣屾垚銆佸湪鍐呴儴緗戝拰澶栭儴緗戜箣闂淬佷笓鐢ㄧ綉涓庡叕鍏辯綉涔嬮棿鐨勬ā奼鐣岄潰涓婃瀯閫犵殑淇濇姢灞忛殰.鏄涓縐嶈幏鍙栧畨鍏ㄦф柟娉曠殑褰㈣薄璇存硶錛屽畠鏄涓縐嶈＄畻鏈虹‖浠跺拰杞浠剁殑緇撳悎錛屼嬌Internet涓嶪ntranet涔嬮棿寤虹珛璧蜂竴涓瀹夊叏緗戝叧銆
涓嬮潰錛屾垜浠灝變竴璧鋒潵鐪嬬湅鍚!
(1) 閲嶅惎鍚庢案涔呮х敓鏁堬細
寮鍚錛歝hkconfig iptables on
鍏抽棴錛歝hkconfig iptables off
(2) 鍗蟲椂鐢熸晥錛岄噸鍚鍚庡け鏁堬細
寮鍚錛歴ervice iptables start
鍏抽棴錛歴ervice iptables stop
闇瑕佽存槑鐨勬槸瀵逛簬Linux涓嬬殑鍏跺畠鏈嶅姟閮藉彲浠ョ敤浠ヤ笂鍛戒護鎵ц屽紑鍚鍜屽叧闂鎿嶄綔銆
鍦ㄥ紑鍚浜嗛槻鐏澧欐椂錛屽仛濡備笅璁劇疆錛屽紑鍚鐩稿叧絝鍙ｏ紝
淇鏀/etc/sysconfig/iptables 鏂囦歡錛屾坊鍔犱互涓嬪唴瀹癸細
-A RH-Firewall-1-INPUT -m state 鈥斺攕tate NEW -m tcp -p tcp 鈥斺攄port 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state 鈥斺攕tate NEW -m tcp -p tcp 鈥斺攄port 22 -j ACCEPT
鎴栬咃細
/etc/init.d/iptables status 浼氬緱鍒頒竴緋誨垪淇℃伅錛岃存槑闃茬伀澧欏紑鐫銆
/etc/rc.d/init.d/iptables stop 鍏抽棴闃茬伀澧
鏈鍚庯細
鍦ㄦ牴鐢ㄦ埛涓嬭緭鍏setup錛岃繘鍏ヤ竴涓鍥懼艦鐣岄潰錛岄夋嫨Firewall configuration錛岃繘鍏ヤ笅涓鐣岄潰錛岄夋嫨Security Level涓篋isabled錛屼繚瀛樸傞噸鍚鍗沖彲銆
======================================================
fedora涓
/etc/init.d/iptables stop
=======================================================
ubuntu涓嬶細
鐢變簬UBUNTU娌℃湁鐩稿叧鐨勭洿鎺ュ懡浠
璇風敤濡備笅鍛戒護
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
鏆傛椂寮鏀炬墍鏈夌鍙
Ubuntu涓婃病鏈夊叧闂璱ptables鐨勫懡浠
=======================================================
iptables 鏄痩inux涓嬩竴嬈懼己澶х殑闃茬伀澧欙紝鍦ㄤ笉鑰冭檻鏁堢巼鐨勬儏鍐典笅錛屽姛鑳藉己澶у埌瓚沖彲浠ユ浛浠ｅぇ澶氭暟紜浠墮槻鐏澧欙紝浣嗘槸寮哄ぇ鐨勯槻鐏澧欏傛灉搴旂敤涓嶅綋錛屽彲鑳芥尅浣忕殑鍙涓嶅厜鏄閭ｄ簺娼滃湪鐨勬敾鍑伙紝榪樻湁鍙鑳芥槸浣犺嚜宸卞摝銆傝繖涓甯︽潵鐨勫嵄瀹沖逛簬鏅閫氱殑涓浜篜C鏉ヨ村彲鑳芥棤鍏崇揣瑕侊紝浣嗘槸鎯寵薄涓涓嬶紝濡傛灉榪欐槸涓鍙版湇鍔″櫒錛屼竴鏃﹀彂鐢熻繖鏍風殑鎯呭喌錛屼笉鍏夋槸褰辨棪鎷嶄粩闄㈡ｅ父鐨勬湇鍔★紝榪橀渶瑕佸埌鐜板満鍘繪仮澶嶏紝榪欎細緇欎綘甯︽潵澶氬皯鎹熷け鍛?
鎵浠ユ垜鎯寵寸殑鏄錛屽綋浣犳暡鍏ユ瘡涓涓猧ptables 鐩稿叧鍛戒護鐨勬椂鍊欓兘瑕佷竾鍒嗗皬蹇冦
1.搴旂敤姣忎竴涓瑙勫垯鍒癉ROP target鏃訛紝閮借佷粩緇嗘鏌ヨ勫垯錛屽簲鐢ㄤ箣鍓嶈佽冭檻浠栫粰浣犲甫鏉ョ殑褰卞搷銆
2.鍦╮edhat涓鎴戜滑鍙浠ヤ嬌鐢╯ervice iptables stop鏉ュ叧闂闃茬伀澧欙紝浣嗘槸鍦ㄦ湁浜涚増鏈濡倁buntu涓榪欎釜鍛戒護鍗翠笉璧蜂綔鐢錛屽ぇ瀹跺彲鑳藉湪緗戜笂鎼滅儲鍒頒笉灝戞枃絝犲憡璇変綘鐢╥ptables -F榪欎釜鍛戒護鏉ュ叧闂闃茬伀澧欙紝浣嗘槸浣跨敤榪欎釜鍛戒護鍓嶏紝鍗冧竾璁板緱鐢╥ptables -L鏌ョ湅涓涓嬩綘鐨勭郴緇熶腑鎵鏈夐摼鐨勯粯璁target錛宨ptables -F榪欎釜鍛戒護鍙鏄娓呴櫎鎵鏈夎勫垯錛屽彧涓嶄細鐪熸ｅ叧闂璱ptables.鎯寵薄涓涓嬶紝濡傛灉浣犵殑閾鵑粯璁target鏄疍ROP錛屾湰鏉ヤ綘鏈夎勫垯鏉ュ厑璁鎬竴浜涚壒瀹氱殑絝鍙ｏ紝 浣嗕竴鏃﹀簲鐢╥ptables -L 錛屾竻闄や簡鎵鏈夎勫垯浠ュ悗錛岄粯璁ょ殑target灝變細璐轟緧闃繪浠諱綍璁塊棶錛屽綋鐒跺寘鎷榪滅▼ssh綆＄悊鏈嶅姟鍣ㄧ殑浣犮
鎵浠ユ垜寤鴻鐨勫叧闂闃茬伀澧欏懡浠ゆ槸
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -F
鎬諱箣錛屽綋浣犺佸湪浣犵殑鏈嶅姟鍣ㄤ笂鍋氫換浣曞彉鏇存椂錛屾渶濂芥湁涓涓嫻嬭瘯鐜澧冨仛榪囧厖鍒嗙殑嫻嬭瘯鍐嶅簲鐢ㄥ埌浣犵殑鏈嶅姟鍣ㄣ傞櫎姝や箣澶栵紝瑕佺敤濂絠ptables錛岄偅灝辮佺悊瑙iptables鐨勮繍琛屽師鐞嗭紝鐭ラ亾瀵逛簬姣忎竴涓鏁版嵁鍖卛ptables鏄鎬庝箞鏍鋒潵澶勭悊鐨勩傝繖鏍鋒墠鑳藉噯紜鍦頒功鍐欒勫垯錛岄伩鍏嶅甫鏉ヤ笉蹇呰佺殑楹葷儲銆