PokuG stdio.h

stdio.h is a magic incantation

Disabling the firewall on CentOS 8

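Disabling the firewall on CentOS 8.
If you are installing Linux behind a router for study purposes or the like, I don't think you'll be punished for disabling the firewall.
This is for people who want to run their environment with no guard up, so that they don't end up stuck on configuration because of the firewall when building a server for testing or study.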

The CentOS 8 firewall

The firewall daemon (service) on CentOS 8 appears to be one of

  • firewalld
  • nftables

How to check whether the service is running

Use the following command.

systemctl list-unit-files --type service

Sample output is below.

[root@KUNASHIRI ~]# systemctl list-unit-files --type service
UNIT FILE                                  STATE
arp-ethers.service                         disabled
atd.service                                enabled
auditd.service                             enabled
autovt@.service                            enabled
blk-availability.service                   disabled
chrony-dnssrv@.service                     static
chrony-wait.service                        disabled
chronyd.service                            enabled
cockpit-motd.service                       static
cockpit.service                            static
console-getty.service                      disabled
container-getty@.service                   static
cpupower.service                           disabled
crond.service                              enabled
dbus-org.fedoraproject.FirewallD1.service  enabled
dbus-org.freedesktop.hostname1.service     static
dbus-org.freedesktop.locale1.service       static
dbus-org.freedesktop.login1.service        static
dbus-org.freedesktop.nm-dispatcher.service enabled
dbus-org.freedesktop.portable1.service     static
dbus-org.freedesktop.resolve1.service      enabled
dbus-org.freedesktop.timedate1.service     enabled
dbus.service                               static
dbxtool.service                            disabled
debug-shell.service                        disabled
dm-event.service                           static
dnf-makecache.service                      static
dracut-cmdline.service                     static
dracut-initqueue.service                   static
dracut-mount.service                       static
dracut-pre-mount.service                   static
dracut-pre-pivot.service                   static
dracut-pre-trigger.service                 static
dracut-pre-udev.service                    static
dracut-shutdown.service                    static
ebtables.service                           disabled
emergency.service                          static
firewalld.service                          enabled
fprintd.service                            static
fstrim.service                             static
getty@.service                             enabled
grub-boot-indeterminate.service            static
halt-local.service                         static
import-state.service                       enabled
initrd-cleanup.service                     static
initrd-parse-etc.service                   static
initrd-switch-root.service                 static
initrd-udevadm-cleanup-db.service          static
iprdump.service                            disabled
iprinit.service                            disabled
iprupdate.service                          disabled
irqbalance.service                         enabled
kdump.service                              enabled
kmod-static-nodes.service                  static
kpatch.service                             disabled
ldconfig.service                           static
libstoragemgmt.service                     enabled
loadmodules.service                        enabled
lvm2-lvmpolld.service                      static
lvm2-monitor.service                       enabled
lvm2-pvscan@.service                       static
man-db-cache-update.service                static
mcelog.service                             enabled
mdadm-grow-continue@.service               static
mdadm-last-resort@.service                 static
mdcheck_continue.service                   static
mdcheck_start.service                      static
mdmon@.service                             static
mdmonitor-oneshot.service                  static
mdmonitor.service                          enabled
messagebus.service                         static
microcode.service                          enabled
mlocate-updatedb.service                   static
NetworkManager-dispatcher.service          enabled
NetworkManager-wait-online.service         enabled
NetworkManager.service                     enabled
nftables.service                           disabled
nis-domainname.service                     enabled
oddjobd.service                            disabled
packagekit-offline-update.service          static
packagekit.service                         static
plymouth-halt.service                      static
plymouth-kexec.service                     static
plymouth-poweroff.service                  static
plymouth-quit-wait.service                 static
plymouth-quit.service                      static
plymouth-read-write.service                static
plymouth-reboot.service                    static
plymouth-start.service                     static
plymouth-switch-root.service               static
polkit.service                             static
psacct.service                             disabled
quotaon.service                            static
rc-local.service                           static
rdisc.service                              disabled
realmd.service                             static
rescue.service                             static
rngd.service                               enabled
rsyslog.service                            enabled
selinux-autorelabel-mark.service           enabled
selinux-autorelabel.service                static
serial-getty@.service                      disabled
smartd.service                             enabled
sshd-keygen@.service                       disabled
sshd.service                               enabled
sshd@.service                              static
sssd-autofs.service                        indirect
sssd-kcm.service                           indirect
sssd-nss.service                           indirect
sssd-pac.service                           indirect
sssd-pam.service                           indirect
sssd-ssh.service                           indirect
sssd-sudo.service                          indirect
sssd.service                               enabled
syslog.service                             enabled
system-update-cleanup.service              static
systemd-ask-password-console.service       static
systemd-ask-password-plymouth.service      static
systemd-ask-password-wall.service          static
systemd-backlight@.service                 static
systemd-binfmt.service                     static
systemd-coredump@.service                  static
systemd-exit.service                       static
systemd-firstboot.service                  static
systemd-fsck-root.service                  static
systemd-fsck@.service                      static
systemd-halt.service                       static
systemd-hibernate-resume@.service          static
systemd-hibernate.service                  static
systemd-hostnamed.service                  static
systemd-hwdb-update.service                static
systemd-hybrid-sleep.service               static
systemd-initctl.service                    static
systemd-journal-catalog-update.service     static
systemd-journal-flush.service              static
systemd-journald.service                   static
systemd-kexec.service                      static
systemd-localed.service                    static
systemd-logind.service                     static
systemd-machine-id-commit.service          static
systemd-modules-load.service               static
systemd-portabled.service                  static
systemd-poweroff.service                   static
systemd-quotacheck.service                 static
systemd-random-seed.service                static
systemd-reboot.service                     static
systemd-remount-fs.service                 static
systemd-resolved.service                   enabled
systemd-rfkill.service                     static
systemd-suspend-then-hibernate.service     static
systemd-suspend.service                    static
systemd-sysctl.service                     static
systemd-sysusers.service                   static
systemd-timedated.service                  masked
systemd-tmpfiles-clean.service             static
systemd-tmpfiles-setup-dev.service         static
systemd-tmpfiles-setup.service             static
systemd-udev-settle.service                static
systemd-udev-trigger.service               static
systemd-udevd.service                      static
systemd-update-done.service                static
systemd-update-utmp-runlevel.service       static
systemd-update-utmp.service                static
systemd-user-sessions.service              static
systemd-vconsole-setup.service             static
systemd-volatile-root.service              static
tcsd.service                               disabled
teamd@.service                             static
timedatex.service                          enabled
tuned.service                              enabled
unbound-anchor.service                     static
user-runtime-dir@.service                  static
user@.service                              static
vdo.service                                enabled
vgauthd.service                            enabled
vmtoolsd-init.service                      disabled
vmtoolsd.service                           enabled

177 unit files listed.
[root@KUNASHIRI ~]#

This is the result of running the service list command.
firewalld.service is enabled and nftables.service is disabled, so firewalld.service is the one that needs to be stopped.
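The same check narrowed to the two firewall units, as an added example that is not part of the original post. The function names are hypothetical helpers and the sample listing is constructed from rows of the output above. Note that `list-unit-files` shows whether a unit starts at boot, while `systemctl is-active` shows whether it is running right now.

```shell
#!/bin/sh
# Added example (not from the original post): read the output of
#   systemctl list-unit-files --type service
# on stdin and report only the firewall units the page names.

# Print "<unit> <state>" for firewalld.service and nftables.service.
# Exact match on column 1, so the D-Bus alias
# dbus-org.fedoraproject.FirewallD1.service is not counted twice.
firewall_unit_states() {
    awk '$1 == "firewalld.service" || $1 == "nftables.service" { print $1, $2 }'
}

# Print the short names of firewall units whose STATE is "enabled",
# i.e. the ones the page's stop/disable commands apply to.
units_to_disable() {
    firewall_unit_states |
        awk '$2 == "enabled" { sub(/\.service$/, "", $1); print $1 }'
}

# Constructed sample input: a few rows copied from the listing above.
sample_listing() {
    cat <<'EOF'
UNIT FILE                                  STATE
dbus-org.fedoraproject.FirewallD1.service  enabled
ebtables.service                           disabled
firewalld.service                          enabled
nftables.service                           disabled
sshd.service                               enabled
EOF
}

# On a live host: boot-time state (is-enabled) next to runtime state
# (is-active). A unit can be disabled at boot and still be running.
report_live() {
    for u in firewalld nftables; do
        printf '%s enabled=%s active=%s\n' "$u" \
            "$(systemctl is-enabled "$u" 2>/dev/null)" \
            "$(systemctl is-active "$u" 2>/dev/null)"
    done
}

sample_listing | units_to_disable
```

On a real machine, pipe the actual command into it: `systemctl list-unit-files --type service | units_to_disable`.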

How to stop the services

Stopping firewalld (with systemctl)

systemctl stop firewalld
systemctl disable firewalld

Stopping nftables

systemctl stop nftables
systemctl disable nftables

That's all.