原文:
sftpd 与TCP_wrapper 结合到一块来实现这种要求
/etc/hosts.allow 定义允许的地址:
/etc/hosts.deny 定义拒绝的来源地址.
/etc/hosts.allow 如下:
-
#
-
# hosts.allow This file describes the names of the hosts which are
-
# allowed to use the local INET services, as decided
-
# by the ‘/usr/sbin/tcpd’ server.
-
#
-
vsftpd :123.103.47.0/255.255.255.0 218.240.63.0/255.255.255.0 59.46.172.0/255.255.255.0 10.0.0.0/255.0.0.0 60.2.80.0/255.255.255.0 218.249.230.0/255.255.255.0 160.10.0.0/255.255.0.0 218.246.69.0/255.255.255.0 125.35.3.0/255.255.255.0:allow
/etc/hosts.deny如下:
-
#
-
# hosts.deny This file describes the names of the hosts which are
-
# *not* allowed to use the local INET services, as decided
-
# by the ‘/usr/sbin/tcpd’ server.
-
#
-
# The portmap line is redundant, but it is left to remind you that
-
# the new secure portmap uses hosts.deny and hosts.allow. In particular
-
# you should know that NFS uses portmap!
-
vsftpd : ALL : DENY
将tcp_wrappers=yes添加至
/etc/vsftpd/vsftpd.conf 中
vi /etc/vsftpd/vsftpd.conf
重新启动vsftpd
[root@home vsftpd]# /sbin/service vsftpd restart
Shutting down vsftpd: OK ]
Starting vsftpd for vsftpd: OK ]
阅读(1221) | 评论(0) | 转发(1) |