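一、白名单
配置文件:/etc/hosts.allow
说明:TCP Wrappers 先匹配 /etc/hosts.allow,命中即放行;未命中再匹配 /etc/hosts.deny,命中即拒绝;两个文件都未命中时默认放行。因此白名单必须配合 hosts.deny 中的拒绝规则才能生效。另外,这两个文件只对链接了 libwrap 的服务有效;OpenSSH 上游自 6.7 版起已移除 TCP Wrappers 支持,使用前请确认所用的 sshd 是否仍带有该支持(例如 ldd "$(command -v sshd)" | grep libwrap),否则应改用防火墙规则或 sshd_config 进行限制。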
cat /etc/hosts.allow
# hosts.allow This file describes the names of the hosts which are
# allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
# Rule format is daemon_list:client_list. Per hosts_access(5) this file is
# consulted before hosts.deny and the first matching rule grants access.
# A client that matches nothing in either file is also granted access, so
# these rules only act as an allow-list together with a deny rule in
# /etc/hosts.deny.
#
# One exact host plus one net/mask pair (10.8.0.0 through 10.8.255.255).
sshd:192.168.0.1,10.8.0.0/255.255.0.0
# NOTE(review): a net/mask pattern matches when (client address AND mask)
# equals the net part. 1.1.1.1 and 2.2.2.2 have host bits set under
# 255.255.255.0, so those two patterns appear to match no client at all;
# 1.1.1.0/255.255.255.0 and 2.2.2.0/255.255.255.0 were probably intended.
sshd:1.1.1.1/255.255.255.0,2.2.2.2/255.255.255.0,3.3.3.3
sshd:4.4.4.4
# A pattern starting with '/' names a file of host/address patterns. Anyone
# who can write /etc/allow.list can extend sshd access, so keep it root-owned
# and not group/world-writable. The 2.2.2.2 pattern on this line has the same
# host-bits issue: under mask 255.255.255.0 it appears to match no client.
sshd:/etc/allow.list,5.5.5.5,2.2.2.2/255.255.255.0
二、黑名单
配置文件:/etc/hosts.deny(只有在 /etc/hosts.allow 中没有匹配项时才会查到这里;EXCEPT 后面列出的地址不会被这条规则拒绝)
cat /etc/hosts.deny
# hosts.deny This file describes the names of the hosts which are
# *not* allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow. In particular
# you should know that NFS uses portmap!
#
# Consulted only when nothing in hosts.allow matched; a match here denies.
# "ALL EXCEPT list" matches every client that is NOT in the list, so the
# listed network, the loopback addresses and every pattern read from
# /etc/deny.list are exempt from this rule and, with no other rule matching,
# are granted access.
# NOTE(review): despite its name, /etc/deny.list therefore works as an
# allow-list here — confirm that is intended, and protect the file like
# hosts.allow itself (root-owned, not writable by others).
sshd:ALL EXCEPT 192.168.0.0/255.255.0.0,127.0.0.1,127.0.0.2,/etc/deny.list