/etc/hosts.allow : 明确允许
/etc/hosts.deny : 明确拒绝
明确允许优先于明确拒绝
hosts.deny
#
# hosts.deny This file describes the names of the hosts which are
# *not* allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
sshd : ALL
hosts.allow
#
# hosts.allow This file describes the names of the hosts which are
# allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
sshd : 127.0.0.1, 127.0.0.2