[root@localhost /]# systemctl status firewalld.service   # 查看防火墙状态,运行中
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Thu 2016-04-07 18:54:29 PDT; 2h 20min ago
 Main PID: 802 (firewalld)
   CGroup: /system.slice/firewalld.service
           └─802 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
Apr 07 18:54:25 localhost.localdomain systemd[1]: Starting firewalld - dynamic firewall daemon...
Apr 07 18:54:29 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.
[root@localhost /]# systemctl stop firewalld.service   # 关闭防火墙
[root@localhost /]# systemctl status firewalld.service   # 再次查看防火墙状态,发现已关闭
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: inactive (dead) since Thu 2016-04-07 21:15:34 PDT; 9s ago
 Main PID: 802 (code=exited, status=0/SUCCESS)
Apr 07 18:54:25 localhost.localdomain systemd[1]: Starting firewalld - dynamic firewall daemon...
Apr 07 18:54:29 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.
Apr 07 21:15:33 localhost systemd[1]: Stopping firewalld - dynamic firewall daemon...
Apr 07 21:15:34 localhost systemd[1]: Stopped firewalld - dynamic firewall daemon.
[root@localhost /]# systemctl disable firewalld.service   # 禁止使用防火墙(重启也是禁止的)
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.
[root@localhost /]#
注:停用并禁用 firewalld 后,本机所有监听端口都不再受主机防火墙过滤;若只需放行个别端口,可保持 firewalld 运行,用 firewall-cmd 仅开放所需端口。
关闭 SELinux(需重启生效)
[root@localhost /]# vi /etc/selinux/config
[root@localhost /]# cat /etc/selinux/config
将 SELINUX= 这一行修改为:
SELINUX=disabled
注:disabled 会完全停用 SELinux 的强制访问控制;若只需让 SELinux 不再拦截,可改用 SELINUX=permissive(仅记录拒绝事件,不拦截),以保留审计日志。
修改内核参数
[root@localhost /]# vi /etc/sysctl.conf
在最下面添加以下内容:
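# Kernel parameters appended to /etc/sysctl.conf.
# Comments are kept on their own lines: sysctl takes everything after "="
# as the value, so a trailing "#comment" makes the setting fail with
# "Invalid argument" and the key is left unchanged.

# Ignore ICMP echo requests addressed to broadcast/multicast addresses.
net.ipv4.icmp_echo_ignore_broadcasts = 1
# Enable reverse-path filtering (source address validation) on all interfaces.
net.ipv4.conf.all.rp_filter = 1

# Maximum number of open files.
fs.file-max = 6815744
# Maximum number of concurrent asynchronous I/O requests.
fs.aio-max-nr = 1048576

# Total amount of shared memory, in pages; value for 8G of memory: 2097152*4k/1024/1024
kernel.shmall = 2097152
# Maximum size of a single shared memory segment.
kernel.shmmax = 2147483648
# System-wide maximum number of shared memory segments.
kernel.shmmni = 4096
# Semaphore limits, in order: SEMMSL SEMMNS SEMOPM SEMMNI.
kernel.sem = 250 32000 100 128

# Usable IPv4 local port range.
net.ipv4.ip_local_port_range = 9000 65500

# Default and maximum socket receive/send buffer sizes, in bytes.
net.core.rmem_default = 262144
net.core.rmem_max = 4194304
net.core.wmem_default = 262144
net.core.wmem_max = 1048576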
使配置参数生效
[root@localhost /]# sysctl -p
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.conf.all.rp_filter = 1
sysctl: setting key "fs.file-max": Invalid argument
fs.file-max = 6815744 #设置最大打开文件数
fs.aio-max-nr = 1048576
sysctl: setting key "kernel.shmall": Invalid argument
kernel.shmall = 2097152 #共享内存的总量,8G内存设置:2097152*4k/1024/1024
sysctl: setting key "kernel.shmmax": Invalid argument
kernel.shmmax = 2147483648 #最大共享内存的段大小
sysctl: setting key "kernel.shmmni": Invalid argument
kernel.shmmni = 4096 #整个系统共享内存端的最大数
kernel.sem = 250 32000 100 128
sysctl: setting key "net.ipv4.ip_local_port_range": Invalid argument
net.ipv4.ip_local_port_range = 9000 65500 #可使用的IPv4端口范围
net.core.rmem_default = 262144
net.core.rmem_max = 4194304
net.core.wmem_default = 262144
net.core.wmem_max = 1048576
[root@localhost /]#
注:报 Invalid argument 的恰好都是带行尾注释的行——sysctl 把 "=" 之后的全部内容(包括 # 注释)当作取值,这些参数实际并未生效。把注释移到单独一行后重新执行 sysctl -p,并用 sysctl <参数名> 确认当前值。








