Jac*_*ADE 5 iptables ufw firewalld centos7
I have disabled SELinux in /etc/sysconfig/selinux:

    SELINUX=disabled

I rebooted and disabled both the firewalld and iptables services.

    # sestatus
    SELinux status:                 disabled

    # systemctl status firewalld
    ● firewalld.service - firewalld - dynamic firewall daemon
       Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
       Active: inactive (dead)
         Docs: man:firewalld(1)

    # systemctl status iptables
    ● iptables.service - IPv4 firewall with iptables
       Loaded: loaded (/usr/lib/systemd/system/iptables.service; disabled; vendor preset: disabled)
       Active: inactive (dead)

    # ufw status
    Status: inactive

I am still unable to access the server on a specific port:

    # nc -v 10.0.12.3 8887
    nc: connect to 10.0.12.3 port 8887 (tcp) failed: Connection refused

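I can ping the server and connect to it via ssh.

I tried opening the port with iptables and firewalld, but without success. The last remaining option was to disable the firewall completely, but even that did not work.

The ports being listened on are:
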
    # netstat -plnt

    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address      Foreign Address  State   PID/Program name
    tcp        0      0 0.0.0.0:111        0.0.0.0:*        LISTEN  1031/rpcbind
    tcp        0      0 192.168.122.1:53   0.0.0.0:*        LISTEN  1843/dnsmasq
    tcp        0      0 0.0.0.0:22         0.0.0.0:*        LISTEN  1392/sshd
    tcp        0      0 127.0.0.1:631      0.0.0.0:*        LISTEN  1391/cupsd
    tcp        0      0 127.0.0.1:25       0.0.0.0:*        LISTEN  1756/master
    tcp        0      0 0.0.0.0:6010       0.0.0.0:*        LISTEN  1892/sshd: jmalapra
    tcp        0      0 0.0.0.0:6011       0.0.0.0:*        LISTEN  2461/sshd: jmalapra
    tcp6       0      0 :::111             :::*             LISTEN  1031/rpcbind
    tcp6       0      0 :::22              :::*             LISTEN  1392/sshd
    tcp6       0      0 ::1:631            :::*             LISTEN  1391/cupsd
    tcp6       0      0 :::6010            :::*             LISTEN  1892/sshd: jmalapra
    tcp6       0      0 :::6011            :::*             LISTEN  2461/sshd: jmalapra

Use netstat or ss to verify that the service is listening on the relevant IP/port.

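Edit: now that you have verified that the relevant service is running, reset your box's security measures:

    # Restore SELinux. /etc/sysconfig/selinux is a symlink to /etc/selinux/config;
    # --follow-symlinks stops sed -i from replacing the link with a regular file.
    sed -i --follow-symlinks -e 's/SELINUX=disabled/SELINUX=enforcing/g' /etc/sysconfig/selinux
    # Relabel the filesystem on the next boot
    touch /.autorelabel
    # firewall-cmd needs the daemon running once the box is back up
    systemctl enable firewalld
    reboot
    # Firewall exception (run after the reboot)
    firewall-cmd --zone=public --add-port=8887/tcp --permanent
    firewall-cmd --reload
    # Remove superfluous packages
    yum remove -y iptables-services ufw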
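
The listening check the answer recommends, as an added example that is not part of the original answer: it reads `netstat -plnt` output and reports how a port is bound, since a port with no listener, or one bound only to loopback, refuses remote connections regardless of what the firewall allows. The function name `listen_scope` is hypothetical, and the sample rows are copied from the netstat output in the question.

```shell
#!/usr/bin/env bash
# Added example: classify how a TCP port is bound, from `netstat -plnt` output.

# Subset of the rows shown in the question (used when run without a live host).
SAMPLE='tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1031/rpcbind
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 1843/dnsmasq
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1392/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1391/cupsd
tcp6 0 0 :::22 :::* LISTEN 1392/sshd
tcp6 0 0 ::1:631 :::* LISTEN 1391/cupsd'

# listen_scope PORT   (hypothetical helper; reads netstat -plnt rows on stdin)
# Prints: none | loopback | all | specific:<addr>[,<addr>...]
listen_scope() {
    awk -v port="$1" '
        $6 != "LISTEN" { next }            # netstat: state is field 6
        {
            addr = $4; p = $4              # netstat: local address is field 4
            sub(/.*:/, "", p)              # text after the last colon is the port
            if (p != port) next
            sub(/:[0-9]+$/, "", addr)      # strip ":port" to leave the address
            if (addr == "0.0.0.0" || addr == "::" || addr == "*") any = 1
            else if (addr ~ /^127\./ || addr == "::1") lo = 1
            else other = other (other ? "," : "") addr
        }
        END {
            if (any)        print "all"        # reachable on every interface
            else if (other) print "specific:" other
            else if (lo)    print "loopback"   # local clients only
            else            print "none"       # nothing listening on this port
        }'
}

# Demo over the sample rows: the port from the question, then three bound ports.
for port in 8887 22 631 53; do
    printf '%-5s %s\n' "$port" "$(printf '%s\n' "$SAMPLE" | listen_scope "$port")"
done
```

On a live host, pipe the real output in: `netstat -plnt | listen_scope 8887`.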