On a Linux system, if you need to block a specific IP address to keep the system secure, this can be done with iptables; the following article walks through how Linux denies access to an IP address, for anyone interested.
First, an overview
The two files /etc/hosts.allow and /etc/hosts.deny are the configuration files of the tcpd server (TCP wrappers), which controls external access to the IP services on this host. Both files use the following format:
# service (daemon) name : host list : optional command run when the rule matches
server_name:hosts-list[:command]
/etc/hosts.allow controls which IP addresses may access this host, and /etc/hosts.deny controls which IPs are denied access to this host. If the configuration of the two files conflicts, /etc/hosts.deny prevails.
Together, /etc/hosts.allow and /etc/hosts.deny control remote access: they let you allow or deny a client at a given IP address or IP range access to a Linux service.
For example, the SSH service is usually opened only to administrators, so we can block the IPs that do not need it and open only the IP range the administrator may use.
Second, configuration
1. Modify the /etc/hosts.allow file
#
# hosts.allow   This file describes the names of the hosts which are
#               allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
# A pattern ending in a dot matches an address prefix; tcpd does not treat "*" as a wildcard
sshd:210.13.218.:allow
sshd:222.77.15.:allow
# all services, for requests from this single address
# (comments must be on their own line: a '#' after a pattern is read as part of the host list)
ALL:218.24.129.110
in.telnetd:140.116.44.0/255.255.255.0
in.telnetd:140.116.79.0/255.255.255.0
in.telnetd:140.116.141.99
in.telnetd:LOCAL
# allow the 192.168.0.0/24 segment to reach the smbd service
smbd:192.168.0.0/255.255.255.0
#sendmail:192.168.1.0/255.255.255.0
#pop3d:192.168.1.0/255.255.255.0
#swat:192.168.1.0/255.255.255.0
pptpd:ALL EXCEPT 192.168.0.0/255.255.255.0
httpd:ALL
vsftpd:ALL
The notation above allows the 210 and 222 IP segments to connect to the sshd service (this necessarily requires a matching entry in the hosts.deny file); the trailing :allow can be omitted.
The ALL keyword matches everything. EXCEPT matches everything except the listed items. PARANOID matches hosts whose IP address does not match their host name (name spoofing).
2. Modify the /etc/hosts.deny file
#
# hosts.deny    This file describes the names of the hosts which are
#               *not* allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow. In particular
# you should know that NFS uses portmap!
sshd:ALL:deny
# the daemon name must match the one used in hosts.allow (in.telnetd, not in.telnet)
in.telnetd:ALL
# a trailing backslash continues the rule on the next line; the network part must
# have its host bits clear (192.168.0.0, not 192.168.0.1) or the mask never matches
ALL:ALL EXCEPT 192.168.0.0/255.255.255.0,192.168.1.21,\
202.10.5.0/255.255.255.0
Note: sshd:ALL:deny means that all remote sshd connections are rejected; the :deny can be omitted.
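As an added check that is not part of the original article, the following Python script replays the tcpd matching rules on a constructed excerpt of the two listings above: trailing-dot prefixes, n.n.n.n/m.m.m.m masks, ALL and EXCEPT, the :allow/:deny option, and the search order documented in hosts_access(5) (hosts.allow first, a match there ends the search, then hosts.deny, and access is granted when neither file matches). The daemon names and addresses are taken from the listings; the function names are my own.

```python
import ipaddress
# Constructed excerpt of the two files shown in this article (addresses as in the listings).
HOSTS_ALLOW = r"""
sshd:210.13.218.:allow
sshd:222.77.15.:allow
in.telnetd:140.116.44.0/255.255.255.0
pptpd:ALL EXCEPT 192.168.0.0/255.255.255.0
httpd:ALL
"""
HOSTS_DENY = r"""
sshd:ALL:deny
in.telnetd:ALL
ALL:ALL EXCEPT 192.168.0.0/255.255.255.0,192.168.1.21,\
202.10.5.0/255.255.255.0
"""

def parse_rules(text):
    """Yield (daemon_list, client_list, option) per rule; '#' lines are skipped, '\\' joins lines."""
    for line in text.replace("\\\n", "").splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            f = [x.strip() for x in line.split(":")]
            yield f[0], f[1], (f[2].lower() if len(f) > 2 else "")

def client_match(tok, ip):
    """One client pattern: ALL, n.n.n.n/m.m.m.m, a trailing-dot prefix, or an exact address."""
    if tok.upper() == "ALL":
        return True
    if "/" in tok:                       # network/netmask form
        return ipaddress.ip_address(ip) in ipaddress.ip_network(tok, strict=False)
    return ip.startswith(tok) if tok.endswith(".") else tok == ip

def daemon_match(tok, daemon):
    return tok.upper() == "ALL" or tok.lower() == daemon.lower()

def list_match(pattern_list, value, match):
    """Space/comma separated patterns; 'A EXCEPT B' matches when A matches and B does not."""
    toks = pattern_list.replace(",", " ").split()
    if "EXCEPT" in toks:
        i = toks.index("EXCEPT")
        return (list_match(" ".join(toks[:i]), value, match)
                and not list_match(" ".join(toks[i + 1:]), value, match))
    return any(match(t, value) for t in toks)

def hosts_access(daemon, ip, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """Search hosts.allow, then hosts.deny; the first matching rule decides, else access is granted."""
    for text, default in ((allow, "allow"), (deny, "deny")):
        for d_list, c_list, opt in parse_rules(text):
            if list_match(d_list, daemon, daemon_match) and list_match(c_list, ip, client_match):
                return opt or default  # a ':allow' / ':deny' option overrides the file default
    return "allow"                     # no rule in either file matched
```

Note that pptpd from 192.168.0.5 ends up allowed: the hosts.allow rule excludes the LAN, but the final hosts.deny rule also exempts it, so no rule matches and tcpd falls through to allow. On a real host the same check is done with tcpdmatch(8), e.g. tcpdmatch sshd 210.13.218.7, which reads the actual files.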