Set hosts.allow and hosts.deny to block IP on Linux

hosts.allow and hosts.deny are in the /etc/directory. The priority is first to check hosts.deny, then check hosts.allow, the latter setting can override the former limit,

For example: 1. Limit all ssh unless it comes from 218.64.87.0——127. Hosts.deny:in.sshd:ALLhosts.allow:in.sshd:218.64.87.0/255.255.255.128

2. Close the telnethosts.denyin.sshd:218.64 of 218.64.87.0——127. 87.0/255.255.255.128

3. Restrict everyone's TCP connection unless accessing hosts.denyALL:ALLhosts.allowALL:218.64.87.0/255.255.255.128<21> from 218.64.87.0——127 p>4. Restrict 218.64.87.0——127 access to all services hosts.denyALL: 218.64.87.0/255.255.255.128

where the colon is preceded by the TCP daemon's service process name, usually the system process is Specified in /etc/inetd.conf, such as in.ftpd, in.telnetd, in.sshd

There are several ways to write IP address ranges. The main three are: 1. Network address —&mdash Subnet mask mode: 218.64.87.0/255.255.255.02. Network address mode (I call it myself, huh, huh) 218.64. (ie IP address starting with 218.64) 3. Minimize the subnet mask mode, which is a few How many "1" are in front of the subnet mask? For example: 218.64.87.0/255.255.255.0 "===="218.64.87.0/24