关闭防火墙服务命令

1. win7阒茬伀澧欐庝箞鍏抽槻𨱔澧椤叧闂锻戒护镓ц屾ラ

鎸夆渨in+r钬濈粍钖堥敭锛屽湪镓揿紑妗嗕腑杈揿叆cmd锛屾墦寮锻戒护琛岀獥鍙ｃ
杈揿叆锻戒护锛歯etsh firewall set opmode disable锛屾寜锲炶溅阌銆

   濡傛灉链夊畨瑁呬简𨱒姣掕蒋浠剁殑璇濓纴鍙鑳戒细链夊畨鍏ㄦ彁绀恒傞夋嫨钬滃厑璁告搷浣溾濆嵆鍙銆
杩愯屽懡浠わ纴鐣岄溃浼氩嚭鐜颁笅闱㈢殑鎻愮ず銆

   镆ョ湅netsh advfirewall甯锷╂枃妗(镣瑰嚮杩涘叆)銆

   鍏虫帀阒茬伀澧欑殑锻戒护搴旇ユ槸:netsh advfilewall set publicprofile state off銆
浣跨敤绠＄悊锻樻潈闄愶纴镓揿紑锻戒护琛岀獥鍙ｏ纴杈揿叆netsh advfilewall set publicprofile state off銆

   鎸夊洖杞︼纴鍗冲彲鍏抽棴阒茬伀澧欍

2. linux绯荤粺镐庝箞鍏抽棴阒茬伀澧

LINUX绯荤粺镐庝箞鍏抽棴阒茬伀澧?
镓璋挞槻𨱔澧欐寚镄勬槸涓涓鐢辫蒋浠跺拰纭浠惰惧囩粍钖堣屾垚銆佸湪鍐呴儴缃戝拰澶栭儴缃戜箣闂淬佷笓鐢ㄧ绣涓庡叕鍏辩绣涔嬮棿镄勬ā姹鐣岄溃涓婃瀯阃犵殑淇濇姢灞忛㱩.鏄涓绉嶈幏鍙栧畨鍏ㄦф柟娉旷殑褰㈣薄璇存硶锛屽畠鏄涓绉嶈＄畻链虹‖浠跺拰杞浠剁殑缁揿悎锛屼娇Internet涓嶪ntranet涔嬮棿寤虹珛璧蜂竴涓瀹夊叏缃戝叧銆
涓嬮溃锛屾垜浠灏变竴璧锋潵鐪嬬湅钖!
(1) 閲嶅惎钖庢案涔呮х敓鏁堬细
寮钖锛歝hkconfig iptables on
鍏抽棴锛歝hkconfig iptables off
(2) 鍗虫椂鐢熸晥锛岄吨钖钖庡け鏁堬细
寮钖锛歴ervice iptables start
鍏抽棴锛歴ervice iptables stop
闇瑕佽存槑镄勬槸瀵逛簬Linux涓嬬殑鍏跺畠链嶅姟閮藉彲浠ョ敤浠ヤ笂锻戒护镓ц屽紑钖鍜屽叧闂镎崭綔銆
鍦ㄥ紑钖浜嗛槻𨱔澧欐椂锛屽仛濡备笅璁剧疆锛屽紑钖鐩稿叧绔鍙ｏ纴
淇鏀/etc/sysconfig/iptables 鏂囦欢锛屾坊锷犱互涓嫔唴瀹癸细
-A RH-Firewall-1-INPUT -m state 钬斺攕tate NEW -m tcp -p tcp 钬斺摅port 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state 钬斺攕tate NEW -m tcp -p tcp 钬斺摅port 22 -j ACCEPT
鎴栬咃细
/etc/init.d/iptables status 浼氩缑鍒颁竴绯诲垪淇℃伅锛岃存槑阒茬伀澧椤紑镌銆
/etc/rc.d/init.d/iptables stop 鍏抽棴阒茬伀澧
链钖庯细
鍦ㄦ牴鐢ㄦ埛涓嬭緭鍏setup锛岃繘鍏ヤ竴涓锲惧舰鐣岄溃锛岄夋嫨Firewall configuration锛岃繘鍏ヤ笅涓鐣岄溃锛岄夋嫨Security Level涓箧isabled锛屼缭瀛樸傞吨钖鍗冲彲銆
======================================================
fedora涓
/etc/init.d/iptables stop
=======================================================
ubuntu涓嬶细
鐢变簬UBUNTU娌℃湁鐩稿叧镄勭洿鎺ュ懡浠
璇风敤濡备笅锻戒护
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
𨱌傛椂寮鏀炬墍链夌鍙
Ubuntu涓婃病链夊叧闂璱ptables镄勫懡浠
=======================================================
iptables 鏄痩inux涓嬩竴娆惧己澶х殑阒茬伀澧欙纴鍦ㄤ笉钥冭槛鏁堢巼镄勬儏鍐典笅锛屽姛鑳藉己澶у埌瓒冲彲浠ユ浛浠ｅぇ澶氭暟纭浠堕槻𨱔澧欙纴浣嗘槸寮哄ぇ镄勯槻𨱔澧椤傛灉搴旂敤涓嶅綋锛屽彲鑳芥尅浣忕殑鍙涓嶅厜鏄闾ｄ簺娼滃湪镄勬敾鍑伙纴杩樻湁鍙鑳芥槸浣犺嚜宸卞摝銆傝繖涓甯︽潵镄勫嵄瀹冲逛簬鏅阃氱殑涓浜篜C𨱒ヨ村彲鑳芥棤鍏崇揣瑕侊纴浣嗘槸𨱍宠薄涓涓嬶纴濡傛灉杩欐槸涓鍙版湇锷″櫒锛屼竴镞﹀彂鐢熻繖镙风殑𨱍呭喌锛屼笉鍏夋槸褰辨棪𨰾崭粩闄㈡ｅ父镄勬湇锷★纴杩橀渶瑕佸埌鐜板満铡绘仮澶嶏纴杩欎细缁欎綘甯︽潵澶氩皯鎹熷け锻?
镓浠ユ垜𨱍宠寸殑鏄锛屽綋浣犳暡鍏ユ疮涓涓猧ptables 鐩稿叧锻戒护镄勬椂鍊欓兘瑕佷竾鍒嗗皬蹇冦
1.搴旂敤姣忎竴涓瑙勫垯鍒瘅ROP target镞讹纴閮借佷粩缁嗘镆ヨ勫垯锛屽簲鐢ㄤ箣鍓嶈佽冭槛浠栫粰浣犲甫𨱒ョ殑褰卞搷銆
2.鍦╮edhat涓鎴戜滑鍙浠ヤ娇鐢╯ervice iptables stop𨱒ュ叧闂阒茬伀澧欙纴浣嗘槸鍦ㄦ湁浜涚増链濡倁buntu涓杩欎釜锻戒护鍗翠笉璧蜂綔鐢锛屽ぇ瀹跺彲鑳藉湪缃戜笂鎼灭储鍒颁笉灏戞枃绔犲憡璇変綘鐢╥ptables -F杩欎釜锻戒护𨱒ュ叧闂阒茬伀澧欙纴浣嗘槸浣跨敤杩欎釜锻戒护鍓嶏纴鍗冧竾璁板缑鐢╥ptables -L镆ョ湅涓涓嬩綘镄勭郴缁熶腑镓链夐摼镄勯粯璁target锛宨ptables -F杩欎釜锻戒护鍙鏄娓呴櫎镓链夎勫垯锛屽彧涓崭细鐪熸ｅ叧闂璱ptables.𨱍宠薄涓涓嬶纴濡傛灉浣犵殑阈鹃粯璁target鏄疍ROP锛屾湰𨱒ヤ綘链夎勫垯𨱒ュ厑璁镐竴浜涚壒瀹氱殑绔鍙ｏ纴 浣嗕竴镞﹀簲鐢╥ptables -L 锛屾竻闄や简镓链夎勫垯浠ュ悗锛岄粯璁ょ殑target灏变细璐轰緧阒绘浠讳綍璁块梾锛屽綋铹跺寘𨰾杩灭▼ssh绠＄悊链嶅姟鍣ㄧ殑浣犮
镓浠ユ垜寤鸿镄勫叧闂阒茬伀澧椤懡浠ゆ槸
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -F
镐讳箣锛屽綋浣犺佸湪浣犵殑链嶅姟鍣ㄤ笂锅氢换浣曞彉镟存椂锛屾渶濂芥湁涓涓娴嬭瘯鐜澧冨仛杩囧厖鍒嗙殑娴嬭瘯鍐嶅簲鐢ㄥ埌浣犵殑链嶅姟鍣ㄣ傞櫎姝や箣澶栵纴瑕佺敤濂絠ptables锛岄偅灏辫佺悊瑙iptables镄勮繍琛屽师鐞嗭纴鐭ラ亾瀵逛簬姣忎竴涓鏁版嵁鍖卛ptables鏄镐庝箞镙锋潵澶勭悊镄勚傝繖镙锋墠鑳藉嗳纭鍦颁功鍐栾勫垯锛岄伩鍏嶅甫𨱒ヤ笉蹇呰佺殑楹荤储銆

3. linux阒茬伀澧椤叧闂鍜屽紑钖锻戒护linux阒茬伀澧椤叧闂

linux濡备綍鍏抽棴阒茬伀澧欙纻

rhel6鍏抽棴阒茬伀澧欑殑鏂规硶涓猴细serviceiptablesstatus镆ョ湅褰揿墠阒茬伀澧欑姸镐1.姘镐箙镐х敓鏁埚紑钖锛歝hkconfigiptableson鍏抽棴锛歝hkconfigiptablesoff2.鍗虫椂鐢熸晥锛岄吨钖钖庡け鏁埚紑钖锛歴erviceiptablesstart鍏抽棴锛歴erviceiptablesstoprhel7鍏抽棴阒茬伀澧欑殑鏂规硶妫钥呬负锛歴ystemctlstatusfirewalld镆ョ湅褰揿墠阒茬伀澧欑姸镐1.姘镐箙镐х敓鏁埚紑钖锛歴ystemctlenablefirewalld鍏抽棴锛歴ystemctldisablefirewalld2.鍗虫椂鐢熸晥锛岄吨钖钖庡け鏁埚紑钖锛歴ystemctlstartfirewalld鍏抽棴锛歴ystemctlstopfirewalld

linux濡备綍鍏抽棴nginx阒茬伀澧欙纻

Linux鍏抽棴Nginx阒茬伀澧欑殑锻戒护鏄锛氭や妇钖

firewall-cmd--remove-port=80/tcp--permanent

firewall-cmdreload

systemctlrestartfirewalld.service

linux6.0淇鏀归槻𨱔澧栾剧疆锛

鏀筁inux绯荤粺阒茬伀澧欓厤缃闇瑕佷慨鏀/etc/sysconfig/iptables杩欎釜鏂囦欢

vim/etc/sysconfig/iptables

鍦╲im缂栬緫鍣锛屼细鐪嫔埌涓嬬瓟镙搁溃镄勫唴瀹

#-config-firewall

#.

*filter

:INPUTACCEPT

:FORWARDACCEPT

:OUTPUTACCEPT

-AINPUT-mstate--stateESTABLISHED,RELATED-jACCEPT

-AINPUT-picmp-jACCEPT

-AINPUT-ilo-jACCEPT

-AINPUT-mstate--stateNEW-mtcp-ptcp--dport22-jACCEPT

-AINPUT-mstate--stateNEW-mtcp-ptcp--dport8080-jACCEPT

-AINPUT-mstate--stateNEW-mtcp-ptcp--dport3306-jACCEPT

-AINPUT-mstate--stateNEW-mtcp-ptcp--dport2181-jACCEPT

-AINPUT-jREJECT--reject-withicmp-host-prohibited

-AFORWARD-jREJECT--reject-withicmp-host-prohibited

COMMIT

闇瑕佸紑鏀剧鍙ｏ纴璇峰湪閲岄溃娣诲姞涓𨱒′竴涓嫔唴瀹瑰嵆鍙:

-ARH-Firewall-1-INPUT-mstate--stateNEW-mtcp-ptcp--dport1521-jACCEPT

鍏朵腑1521鏄瑕佸紑鏀剧殑绔鍙ｅ彿锛岀劧钖庨吨鏂板惎锷╨inux镄勯槻𨱔澧欐湇锷°

Linux涓嫔仠姝/钖锷ㄩ槻𨱔澧欐湇锷＄殑锻戒护(root鐢ㄦ埛浣跨敤)锛

serviceiptablesstop--锅沧

serviceiptablesstart--钖锷

鍐椤湪链钖:

#姘镐箙镐х敓鏁堬纴閲嶅惎钖庝笉浼氩嶅师

chkconfigiptableson#寮钖

chkconfigiptablesoff#鍏抽棴

#鍗虫椂鐢熸晥锛岄吨钖钖庡嶅师

serviceiptablesstart#寮钖

serviceiptablesstop#鍏抽棴

Linux鍐呮牳鎻愪緵阒茬伀澧椤悧锛

鎻愪緵

SElinux鏄锘轰簬鍐呮牳寮鍙戝嚭𨱒ョ殑涓绉嶅畨鍏ㄦ満鍒讹纴琚绉颁箣涓哄唴镙哥骇锷犲己鍨嬮槻𨱔澧欙纴链夊姏镄勬彁鍗囦简绯荤粺镄勫畨鍏ㄦс

SElinux镄勪綔鐢ㄥ垎涓轰袱鏂归溃锛1.鍦ㄦ湇锷′笂闱㈠姞涓婃爣绛撅绂2.鍦ㄥ姛鑳戒笂闱㈤檺鍒跺姛鑳

鍦╨inux绯荤粺涓浣跨敤getenforce锻戒护鍙浠ユ煡鐪媠elinux镄勭姸镐侊细

disabled涓哄叧闂鐘舵侊纴瀵规湇锷″拰锷熻兘閮芥病链夐檺鍒

enforcing涓哄己鍒剁姸镐侊纴瀵规湇锷″拰锷熻兘閮借繘琛岄檺鍒

linux涓镐庢牱镆ョ湅阒茬伀澧欐槸钖﹀叧闂浜嗭纻

璇︾粏姝ラゅ备笅锛

1銆佹墦寮Linux绯荤粺杩涘叆妗岄溃锛岀偣鍑讳笂鏂硅彍鍗曟爮澶勚愮郴缁熴戦夐”锛

2銆佸湪寮瑰嚭镄勮彍鍗曟爮涓锛屼緷娆＄偣鍑汇愮＄悊銆戯纴銆愰槻𨱔澧欍戦夐”锛

3銆佽繘鍏ラ槻𨱔澧欑晫闱锛岃緭鍏ョ敤鎴峰瘑镰侊纴杩涜屽畨鍏ㄩ獙璇侊绂

4銆佽繛鎺ユ湇锷″櫒钖庯纴杈揿叆璇鍙モ荣erviceiptablesstatus钬欙纴锲炶溅锛屼细鏄剧ず阒茬伀澧欑姸镐侊绂

5銆佽緭鍏ヨ鍙モ榗hkconfigiptableson钬欙纴鍙浠ュ紑钖阒茬伀澧欍傛垨钥呬娇鐢ㄨ鍙モ榗hkconfigiptablesoff钬欙纴鍏抽棴阒茬伀澧欙纴闇瑕侀吨钖钖庣敓鏁堛

4. 锻戒护琛屽紑钖/鍏抽棴windows阒茬伀澧

鏂规硶涓1棣栧厛鍙冲嚮quot缃戠粶quot锲炬爣锛屽湪鍗曞嚮钬滃睘镐р2鍗曞嚮钬漺indows阒茬伀澧檘uot3鍦ㄥ崟鍑烩滃惎鐢ㄦ垨鍏抽棴windows阒茬伀澧檘uot4阃夋嫨钬濆叧windows阒茬伀澧欎笉鎺ㄨ崘鍦ㄥ崟鍑烩灭‘瀹氩氨鍙浠ュ畬鎴愪简鏂规硶浜1绗浜岀嶆柟娉曟湁鍙屽嚮钬沧带鍒堕溃𨱒裤
1镓揿紑寮濮嬶纴镣瑰嚮杩愯2杈揿叆cmd锛岀偣鍑荤‘瀹3鎻愮ず绗﹀悗杈揿叆net stop mpssvc锛屽洖杞﹀嵆鍙鍏抽棴4鎻愮ず绗﹀悗杈揿叆net start mpssvc锛屽洖杞﹀嵆鍙寮钖鐢╟md锻戒护鍏抽棴阒茬伀澧欐柟娉曚簩阒茬伀澧椤湪Windows绯荤粺涓鏄浠ユ湇锷＄殑褰㈠纺杩愯岀殑浠win銆
_棣栧厛鍙抽敭镣瑰嚮寮濮嬫寜阍锛岀偣鍑昏繍琛岋纴杈揿叆钬渃ontrol钬濓纴镣瑰嚮纭瀹氱劧钖庣偣鍑籛indows阒茬伀澧椤浘镙嘷鍗曞嚮钖鐢ㄦ垨鍏抽棴Windows阒茬伀澧欐渶钖庨夋嫨鍏抽棴Windows阒茬伀澧欙纴镣瑰嚮纭瀹氩嵆鍙鍏抽棴阒茬伀澧檩阃氲繃浠ヤ笂鍑犳ヨ剧疆锛屽氨鍙浠ユ垚锷熷叧闂鐢佃剳镊甯︾殑阒茬伀澧欎简銆
锲炵瓟鎺у埗闱㈡澘windows阒茬伀澧椤乏渚у垪琛╭uot镓揿紑鎴栧叧闂阒茬伀澧檘uot锛屾妸涓や釜缃戠粶浣岖疆镄勯槻𨱔澧欓兘鍏虫帀锛岃繖镙峰氨鍙浠ヤ晶搴曞叧鎺変简銆
璇风偣鍑诲伐鍏锋爮镄勫紑濮嬭彍鍗曪纴鍦ㄥ脊鍑虹殑椤甸溃涓嬫柟鏂囨湰妗嗕腑杈揿叆钬渇irewallcpl钬濓纴铹跺悗鍦ㄦ垒鍒扮殑绋嫔簭涓榧犳爣鍗曞嚮璇ョ▼搴忓崟鍑诲紑濮嬭彍鍗曚腑镄勭▼搴忓悗锛岀郴缁熶细镓揿紑涓涓鏂扮殑椤甸溃镓惧埌涓婂浘涓镙囩孩镄勨沧墦寮鎴栧叧闂璚indows阒茬伀澧欌濓纴椤甸溃璺宠浆濡备笅銆

镓揿紑鎺у埗闱㈡澘钖庯纴鎴戜滑鍙浠ュ湪鎺у埗闱㈡澘涓鐪嫔埌寰埚氶夋嫨锛岃繖閲屾垜浠阃夋嫨绯荤粺鍜屽畨鍏ㄦ墦寮杩涘叆涓嬩竴姝ユ墦寮绯荤粺鍜屽畨鍏ㄧ晫闱㈠悗锛屾垜浠阃夋嫨windows阒茬伀澧欐墦寮锛岃繘鍏ヤ笅涓姝ュ湪windows阒茬伀澧欑晫闱㈢殑宸﹁竟锛屾垜浠鍙浠ョ湅鍒扳沧墦寮鎴栧叧闂瓀indows阒茬伀澧欌濄