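1. tcp_wrappers: protects small services such as ssh, vsftpd, portmap and telnet. It is kernel-based, and changes take effect immediately after saving the file (vim :wq).
By contrast, settings such as blackhole, trusted and untrusted in dhcp are meant for somewhat larger services such as http.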
2. Package: tcp_wrappers-libs-7.6-56.3.el6.i686, installed by default
3. Configuration files: /etc/host*
-rw-r--r--. 1 root root 26 Jan 12 2010 host.conf
-rw-r--r--. 1 root root 131 Jun 7 10:26 hosts
-rw-r--r--. 1 root root 370 Jan 12 2010 hosts.allow
-rw-r--r--. 1 root root 460 Jan 12 2010 hosts.deny
4. # vim hosts.allow
#
# hosts.allow This file contains access rules which are used to
# allow or deny connections to network services that
# either use the tcp_wrappers library or that have been
# started through a tcp_wrappers-enabled xinetd.
#
# See 'man 5 hosts_options' and 'man 5 hosts_access'
# for information on rule syntax.
# See 'man tcpd' for information on tcp_wrappers
#
vsftpd, sshd: ALL EXCEPT 192.168.0.11/255.255.255.0 .redhat.com
Multiple services are separated by commas; multiple domain names or IP addresses are usually separated by spaces.
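
The lookup order behind this rule, as an added example that is not part of the original post: a simplified Python model of the hosts_access(5) matching referenced in the file header, covering IPv4 and dotted-quad masks only. FIXED_RULE and the "ALL: ALL" deny rule are constructed, assuming the intent was to exclude the 192.168.0.0/24 network.

```python
import ipaddress

def pattern_match(pat, ip, host):
    """One client pattern: ALL, .domain suffix, net/mask, or a literal address/name."""
    if pat == "ALL":
        return True
    if pat.startswith("."):                # .redhat.com matches hosts under that domain
        return host.endswith(pat)
    if "/" in pat:                         # net/mask matches when (addr & mask) == net
        net, mask = (int(ipaddress.IPv4Address(p)) for p in pat.split("/"))
        return int(ipaddress.IPv4Address(ip)) & mask == net
    return pat in (ip, host)

def list_match(tokens, ip, host):
    """'list_1 EXCEPT list_2' matches list_1 unless the client also matches list_2."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return list_match(tokens[:i], ip, host) and not list_match(tokens[i + 1:], ip, host)
    return any(pattern_match(p, ip, host) for p in tokens)

def rule_match(rule, daemon, ip, host):
    # Split "daemon_list: client_list"; both lists accept commas or spaces.
    daemons, clients = (f.replace(",", " ").split() for f in rule.split(":")[:2])
    return (daemon in daemons or "ALL" in daemons) and list_match(clients, ip, host)

def access(allow, deny, daemon, ip, host=""):
    """Search hosts.allow, then hosts.deny; a client matching neither is granted access."""
    if any(rule_match(r, daemon, ip, host) for r in allow):
        return "allow"
    if any(rule_match(r, daemon, ip, host) for r in deny):
        return "deny"
    return "allow"

# Rule from the page, plus constructed variants (assumed intent: exclude 192.168.0.0/24).
PAGE_RULE = "vsftpd, sshd: ALL EXCEPT 192.168.0.11/255.255.255.0 .redhat.com"
FIXED_RULE = "vsftpd, sshd: ALL EXCEPT 192.168.0.0/255.255.255.0 .redhat.com"
DENY_ALL = ["ALL: ALL"]

if __name__ == "__main__":
    for label, allow, deny in [("page rule, no deny rules", [PAGE_RULE], []),
                               ("fixed net, no deny rules", [FIXED_RULE], []),
                               ("fixed net + ALL: ALL", [FIXED_RULE], DENY_ALL)]:
        print(label, access(allow, deny, "sshd", "192.168.0.50"))
```

In this model 192.168.0.11/255.255.255.0 never matches, because the net part has host bits set, and a client excluded by EXCEPT is still granted access unless hosts.deny contains a rule that matches it.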