hosts allow/deny(两者共存时allow优先级高)
接下来的hosts allow选项对于安全性很重要.它可以设置允许访问的网络和主机IP地址.这里要注意,多个主机的IP地址之间使用空格隔开,可以使用完整的IP地址,如192.168.0.5 也可以使用网段192.168.0. 例如允许192.168.0.0和192.168.0.20访问.可使用:hosts allow = 192.168.0.50 192.168.0.20
实例:
实例1(拒绝10.0.0.0/8这个网段但允许10.0.0.2主机):
[sales]
path = /sales
writable = yes
hosts deny = 10.
hosts allow = 10.0.0.2
实例2(拒绝来自.sale.com域和.net域以及主机名为free的客户端访问Samba服务器):
[public]
path = /public
public = yes
writable = no
hosts deny = .sale.com .net free
实例3(所有的Samba共享只有192.168.1.100可以访问,就是应用在全局中):
[global]
hosts deny = all
hosts allow = 192.168.1.100
实例4(只有192.168.1.100能访问public共享目录):
[public]
path = /public
public = yes
writable = no
hosts deny = all
hosts allow = 192.168.1.100
阅读(797) | 评论(0) | 转发(0) |