Linux IP whitelist
Configuration files: /etc/hosts.allow
/etc/hosts.deny
# hosts.allow This file contains access rules which are used to
# allow or deny connections to network services that
# either use the tcp_wrappers library or that have been
# started through a tcp_wrappers-enabled xinetd.
#
# See 'man 5 hosts_options' and 'man 5 hosts_access'
# for information on rule syntax.
# See 'man tcpd' for information on tcp_wrappers
#
sshd:210.192.100.
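Note: the period after the IP prefix must not be omitted (the trailing period is what makes the entry match every address beginning with 210.192.100.).
Setting a blacklist
A blacklist means that the IP addresses on it are not allowed to access this server (this requires Chain INPUT (policy ACCEPT)).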
iptables -A INPUT -p tcp -s 192.168.1.2 -j DROP
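Deny access from all IPs (use with caution)
Firewall rules take effect in the order in which they were added. Run this command only after the whitelist is in place and you have left yourself a way back in; it denies access from every IP except the whitelisted ones.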
iptables -A INPUT -p tcp -j DROP
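The ordering rule above as a check, added here as an example and not part of the original notes: it reads rules in the format printed by `iptables -S INPUT` and lists every TCP ACCEPT rule that sits after the catch-all DROP, where it can never match. The function name and both sample rule sets are constructed for illustration; the /24 source stands in for the 210.192.100. prefix used in hosts.allow.

```shell
#!/bin/sh
# Added example: find whitelist rules that were appended after the catch-all
# "iptables -A INPUT -p tcp -j DROP" and are therefore dead.
# Live use (as root): iptables -S INPUT | shadowed_accepts

shadowed_accepts() {
    awk '
        # Count rules so the number matches "iptables -L INPUT --line-numbers".
        /^-A INPUT / { n++ }
        # The catch-all from the notes: no source, no port, only "-p tcp -j DROP".
        $0 == "-A INPUT -p tcp -j DROP" { if (!drop) drop = n; next }
        # A TCP ACCEPT rule after the catch-all is never reached.
        drop && /^-A INPUT / && / -p tcp / && / -j ACCEPT$/ { print n ": " $0 }
    '
}

# Constructed sample: whitelist appended AFTER the catch-all DROP (wrong order).
BAD_RULES='-P INPUT ACCEPT
-A INPUT -s 192.168.1.2/32 -p tcp -j DROP
-A INPUT -p tcp -j DROP
-A INPUT -s 210.192.100.0/24 -p tcp -j ACCEPT'

# Constructed sample: whitelist first, catch-all DROP last (the required order).
GOOD_RULES='-P INPUT ACCEPT
-A INPUT -s 210.192.100.0/24 -p tcp -j ACCEPT
-A INPUT -s 192.168.1.2/32 -p tcp -j DROP
-A INPUT -p tcp -j DROP'

echo "wrong order, shadowed rules:"
printf '%s\n' "$BAD_RULES" | shadowed_accepts
echo "right order, shadowed rules (none expected):"
printf '%s\n' "$GOOD_RULES" | shadowed_accepts
```

A rule reported here has to be removed and re-added above the catch-all (for example with `iptables -I INPUT`), because appending with `-A` always places it last.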