Linux: hosts.allow
Simple IP access control with hosts.allow / hosts.deny
brief
a simple access control language that is based on client (host name/address, user name), and server (process name, hostname/address) patterns.
hosts.allow
Format:
service: [client]: [action]
service: name of the service being controlled
client: client host name or IP address (wildcards * and . are supported), e.g. ALL / 172.
action: ALLOW/DENY
ALL // all
LOCAL // local
172.24.0. == 172.24.0.0/255.255.255.0 == 172.24.0.*
Examples
/etc/hosts.allow
sshd: 172.24.20.*: ALLOW
/etc/hosts.deny
sshd: 10.10.: DENY
or
/etc/hosts.allow
# ALLOW by default
sshd: 172.24.20.
/etc/hosts.deny
# DENY by default
sshd: 10.10.
/etc/hosts.allow
# Only allow access from IPs in the 172.24.0. network
ALL:172.24.0.:ALLOW
/etc/hosts.deny
# Block everything
ALL:ALL:DENY
Linux checks the rules in /etc/hosts.allow first and then the rules in /etc/hosts.deny; if the two conflict, the /etc/hosts.allow rule takes precedence.
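As an added example (not part of the original post), this Python sketch models the lookup order described above for IPv4 clients: hosts.allow is searched first, then hosts.deny, and the first matching rule decides. The function names and sample addresses are constructed for illustration; hostname patterns such as LOCAL are left out, and the "no rule matched means access is granted" default follows hosts_access(5).

```python
import fnmatch
import ipaddress

# The last rule pair from the page.
ALLOW_FILE = "# Only allow the 172.24.0. network\nALL:172.24.0.:ALLOW\n"
DENY_FILE = "# Block everything\nALL:ALL:DENY\n"

def client_matches(pattern, ip):
    """Match one client pattern against a client IPv4 address (simplified)."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):              # 172.24.0. is a string prefix match
        return ip.startswith(pattern)
    if "/" in pattern:                     # 172.24.0.0/255.255.255.0
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(ip) in net
    if "*" in pattern or "?" in pattern:   # 172.24.0.*
        return fnmatch.fnmatchcase(ip, pattern)
    return pattern == ip

def parse_rules(text):
    """Return (services, clients, action) for every non-comment line."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]
        services = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        action = fields[2].upper() if len(fields) > 2 and fields[2] else None
        rules.append((services, clients, action))
    return rules

def first_match(rules, service, ip, default):
    """Action of the first rule matching (service, ip), or None if none does."""
    for services, clients, action in rules:
        if "ALL" in services or service in services:
            if any(client_matches(c, ip) for c in clients):
                return action or default
    return None

def decide(allow_text, deny_text, service, ip):
    """Search hosts.allow, then hosts.deny; grant access if nothing matched."""
    verdict = first_match(parse_rules(allow_text), service, ip, "ALLOW")
    if verdict is None:
        verdict = first_match(parse_rules(deny_text), service, ip, "DENY")
    return verdict or "ALLOW"

if __name__ == "__main__":
    for ip in ("172.24.0.5", "10.10.3.4"):  # constructed sample clients
        print(ip, decide(ALLOW_FILE, DENY_FILE, "sshd", ip))
```

Calling `decide(ALLOW_FILE, "", "sshd", "10.10.3.4")` returns `ALLOW`: with an empty hosts.deny, a client that matches no rule is let in, which is why the catch-all `ALL:ALL:DENY` entry matters.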