解決centos7隻能telnet通22端口的問題

1. 檢視SELinux狀态

1.1 getenforce

• getenforce 指令是單詞get（擷取）和enforce(執行)連寫，可檢視selinux狀态，與setenforce指令相反。
• setenforce 指令則是單詞set（設定）和enforce(執行)連寫，用于設定selinux防火牆狀态，如： setenforce 0用于關閉selinux防火牆，但重新開機後失效

  [[email protected] ~]# getenforce
  Enforcing
             

1.2 /usr/sbin/sestatus

Current mode表示目前selinux防火牆的安全政策

[[email protected] ~]# /usr/sbin/sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28
           

SELinux status：selinux防火牆的狀态，enabled表示啟用selinux防火牆

Current mode： selinux防火牆目前的安全政策，enforcing 表示強

2. 關閉SELinux

2.1 臨時關閉

setenforce 0 ：用于關閉selinux防火牆，但重新開機後失效。

[[email protected] ~]# setenforce 0
           

[[email protected] ~]# /usr/sbin/sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   permissive
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28
           

2.1 永久關閉

修改selinux的配置檔案，重新開機後生效。

打開 selinux 配置檔案

[[email protected] ~]# vim /etc/selinux/config
           

修改 selinux 配置檔案

将SELINUX=enforcing改為SELINUX=disabled，儲存後退出

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted
           

此時擷取目前selinux防火牆的安全政策仍為Enforcing，配置檔案并未生效。

[[email protected] ~]# getenforce
Enforcing
           

重新開機

[[email protected] ~]# reboot
           

驗證

[[email protected] ~]# /usr/sbin/sestatus
SELinux status:                 disabled

[[email protected] ~]# getenforce
Disabled
           

 然後：

firewall-cmd --list-port

如果提示firewall commond found,執行yum install firewall。再執行以上指令。

新增端口權限：

1、增加一個持久通路端口：

firewall-cmd --zone=public  --permanent --add-port=需要添加的端口/tcp

           

2、重新開機防火牆

firewall-cmd --reload
           

此時，用telnet ip 新增的端口，即可telnet通。。。

OK，大功告成！！！