linux 禁止指定ip访问

linux中如何禁止指定的ip访问呢?

比如被别人暴力破解,被别人使用不同的密码尝试登录:

 

所以我想直接禁用这些ip的访问.怎么办呢?

解决方案:修改配置文件/etc/hosts.deny

把要禁止ssh访问的ip都放在/etc/hosts.deny 中:

 

配置文件中有ip 117.136.38.47.

那么当这个ip尝试ssh登陆时,就会:

 

直接就拒绝登录了,都不会校验用户名和密码.

配置文件/etc/hosts.deny 内容:

#
# hosts.deny    This file contains access rules which are used to
#               deny connections to network services that either use
#               the tcp_wrappers library or that have been
#               started through a tcp_wrappers-enabled xinetd.
#
#               The rules in this file can also be set up in
#               /etc/hosts.allow with a 'deny' option instead.
#
#               See 'man 5 hosts_options' and 'man 5 hosts_access'
#               for information on rule syntax.
#               See 'man tcpd' for information on tcp_wrappers
#
sshd:121.42.0.15
sshd:121.42.0.17
sshd:121.42.0.19
sshd:121.42.0.30
sshd:121.42.0.31
sshd:121.42.0.36
sshd:121.15.151.181

使用# 可以注释 

也支持ip 局部匹配:

 

 

参考:解决阿里云主机受到攻击的问题2:

http://hw1287789687.iteye.com/blog/2269701