A-A+

Linux下防止未授权IP使用ssh服务

2009年03月27日 未分类 暂无评论 阅读 1 次

方法一

iptables -A INPUT -p tcp -s 192.168.0.0/24 --destination-port 22 -j ACCEPT

iptables -A INPUT -p tcp -s 192.168.1.0/24 --destination-port 22 -j ACCEPT

iptables -A INPUT -p tcp -s ! 127.0.0.1 --destination-port 22 -j DROP

方法二

[root@nihao ~]# more /etc/hosts.deny

#

# hosts.deny This file describes the names of the hosts which are

# *not* allowed to use the local INET services, as decided

# by the '/usr/sbin/tcpd' server.

#

# The portmap line is redundant, but it is left to remind you that

# the new secure portmap uses hosts.deny and hosts.allow. In particular

# you should know that NFS uses portmap!

sshd: ALL : deny

[root@nihao ~]# more /etc/hosts.allow

#

# hosts.allow This file describes the names of the hosts which are

# allowed to use the local INET services, as decided

# by the '/usr/sbin/tcpd' server.

#

sshd: 192.168.0.230 :allow

这里写允许的ip或者网段

给我留言

Copyright © 浩然东方 保留所有权利.   Theme  Ality 07032740

用户登录