一、配置防火墙,开启80端口、3306端口

CentOS 7.0默认使用的是firewall作为防火墙,这里改为iptables防火墙。


1、关闭firewall:


systemctl stop firewalld.service #停止firewall


systemctl disable firewalld.service #禁止firewall开机启动

IT网,http://www.it.net.cn

2、安装iptables防火墙

yum install iptables-services #安装


vi /etc/sysconfig/iptables #编辑防火墙配置文件

# Firewall configuration written by system-config-firewall Linux学习,http:// linux.it.net.cn

# Manual customization of this file is not recommended.


*filter


:INPUT ACCEPT [0:0]

:FORWARD ACCEPT [0:0]

:OUTPUT ACCEPT [0:0] Linux学习,http:// linux.it.net.cn

-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT


-A INPUT -p icmp -j ACCEPT


-A INPUT -i lo -j ACCEPT

-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT


-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT


-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT


-A INPUT -j REJECT --reject-with icmp-host-prohibited


-A FORWARD -j REJECT --reject-with icmp-host-prohibited IT网,http://www.it.net.cn

COMMIT IT网,http://www.it.net.cn

:wq! #保存退出


systemctl restart iptables.service #最后重启防火墙使配置生效


systemctl enable iptables.service #设置防火墙开机启动


二、关闭SELINUX


vi /etc/selinux/config

#SELINUX=enforcing #注释掉


#SELINUXTYPE=targeted #注释掉 IT网,http://www.it.net.cn

SELINUX=disabled #增加 Linux学习,http:// linux.it.net.cn

:wq! #保存退出

setenforce 0 #使配置立即生效


在 CentOS 7
暫時開放 ftp 服務
firewall-cmd--add-service=ftp

永久開放 ftp 服務
firewall-cmd --add-service=ftp--permanent
永久關閉
firewall-cmd --remove-service=ftp--permanent
success

讓設定生效
systemctl restartfirewalld

檢視設定是否生效
iptables -L -n | grep21
ACCEPT tcp  -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 ctstate NEW

檢查防火牆狀態 
firewall-cmd --state
running

systemctl stopfirewalld
firewall-cmd --state
not running


firewall-cmd--list-all
public (default)
interfaces:
sources:
services:dhcpv6-client ftp ssh
ports:
masquerade:no
forward-ports:
icmp-blocks:
richrules:

在 FirewallD 的服務名稱 
firewall-cmd--get-service
amanda-client bacula bacula-clientdhcp dhcpv6 dhcpv6-client dns ftp high-availability http httpsimaps ipp ipp-client ipsec kerberos kpasswd ldap ldaps libvirtlibvirt-tls mdns mountd ms-wbt mysql nfs ntp open*** pmcd pmproxypmwebapi pmwebapis pop3s postgresql proxy-dhcp radius rpc-bindsamba samba-client smtp ssh telnet tftp tftp-clienttransmission-client vnc-server wbem-https

查詢服務的啟用狀態 
firewall-cmd --query-serviceftp
yes
firewall-cmd --query-servicessh
yes
firewall-cmd --query-servicesamba
no
firewall-cmd --query-servicehttp
no

自行加入要開放的 Port 
firewall-cmd--add-port=3128/tcp
firewall-cmd--list-all
public (default)
interfaces:
sources:
services:dhcpv6-client ftp ssh
ports:3128/tcp
masquerade:no
forward-ports:
icmp-blocks:
rich rules: