hosts.allow hosts.deny

     简单控制访问ip,hosts.allow/hsots.deny  a simple access control language that is based on client (host name/address, user name), and server (process  name,  host
name/address)  patterns.  

格式:

daemon_list : client_list [ : shell_command ]

参数:

ALL               ###所有

LOCAL           ###本地

172.24.0.  == 172.24.0.0/255.255.255.0 == 172.24.0.*

/etc/hosts.allow

ALL:ALL :deny | allow

ALL:LOCAL

ALL:172.24.0.27 100.100.10.

sshd:172.24.0.

ALL: .bad.domain: DENY
ALL: ALL: ALLOW

/etc/hosts.deny

ALL: .friendly.domain: ALLOW
ALL: ALL: DENY

 

example:

/etc/hosts.allow

ALL:172.24.0.:ALLOW   ###仅允许172.24.0.网段的IP访问

/etc/hosts.deny

ALL:ALL:DENY              ###所有阻止

 

linux系统会先检查/etc/hosts.deny规则,再检查/etc/hosts.allow规则,如果有冲突,优先/etc/hosts.allow规则处理

posted @ 2017-05-14 15:58  mvpbang  阅读(398)  评论(0编辑  收藏  举报