简单控制访问ip,hosts.allow/hsots.deny a simple access control language that is based on client (host name/address, user name), and server (process name, host
name/address) patterns.
格式:
daemon_list : client_list [ : shell_command ]
参数:
ALL ###所有
LOCAL ###本地
172.24.0. == 172.24.0.0/255.255.255.0 == 172.24.0.*
/etc/hosts.allow
ALL:ALL :deny | allow
ALL:LOCAL
ALL:172.24.0.27 100.100.10.
sshd:172.24.0.
ALL: .bad.domain: DENY
ALL: ALL: ALLOW
/etc/hosts.deny
ALL: .friendly.domain: ALLOW
ALL: ALL: DENY
example:
/etc/hosts.allow
ALL:172.24.0.:ALLOW ###仅允许172.24.0.网段的IP访问
/etc/hosts.deny
ALL:ALL:DENY ###所有阻止
linux系统会先检查/etc/hosts.deny规则,再检查/etc/hosts.allow规则,如果有冲突,优先/etc/hosts.allow规则处理