FireWall2014/08/01 |
[1] | It's possible to show Service Status of FireWall like follows. (enabled by default) |
[root@dlp ~]# /etc/rc.d/init.d/iptables status Table: filter Chain INPUT (policy ACCEPT) num target prot opt source destination 1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 2 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22 5 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited ..... ..... # if it's not running, it shows "iptables: Firewall is not running." |
[2] |
If you use FireWall service, it needs to modify settings of it because incoming requests for services are mostly not allowed by default.
Refer to here to basic operation and settings to configure iptables service.
|
[3] | If FireWall service does not need for you because of some reasons like that some FireWall Machines are running in your Local Netowrk or others, it's possbile to stop and disable it like follows. |
# stop service [root@dlp ~]# /etc/rc.d/init.d/iptables stop iptables: Setting chains to policy ACCEPT: filter [ OK ] iptables: Flushing firewall rules: [ OK ] iptables: Unloading modules: [ OK ] # disable service [root@dlp ~]# chkconfig iptables off
|
SELinux
|
[4] | It's possible to show Status of SELinux (Security-Enhanced Linux) like follows. (enabled by default) |
[root@dlp ~]# getenforce Enforcing # SELinux is enabled
|
[5] |
If you enable SELinux, Refer to here for basic operations and configurations of SELinux.
|
[6] | If SELinux function does not need for you because of some reasons like that your server is running only in Local safety Network or others, it's possbile to disable it like follows. |
[root@dlp ~]#
vi /etc/selinux/config # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=disabled # change to disabled # SELINUXTYPE= can take one of these two values: # targeted - Targeted processes are protected, # mls - Multi Level Security protection. SELINUXTYPE=targeted # restart to apply new setting [root@dlp ~]# |
Sponsored Link |
|