Restricting the IP addresses users can log in from by combining vsftpd with TCP Wrappers

Combining vsftpd with TCP Wrappers meets this requirement: /etc/hosts.allow defines the addresses that are allowed, and /etc/hosts.deny defines the source addresses that are rejected.

/etc/hosts.allow looks like this:

[root@BJFS-PIM root.adminssh]# cat /etc/hosts.allow
#
# hosts.allow   This file describes the names of the hosts which are
#               allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
vsftpd :123.103.47.0/255.255.255.0 218.240.63.0/255.255.255.0 59.46.172.0/255.255.255.0 10.0.0.0/255.0.0.0 60.2.80.0/255.255.255.0 218.249.230.0/255.255.255.0 160.10.0.0/255.255.0.0 218.246.69.0/255.255.255.0 125.35.3.0/255.255.255.0:allow

/etc/hosts.deny looks like this:

#
# hosts.deny    This file describes the names of the hosts which are
#               *not* allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow.  In particular
# you should know that NFS uses portmap!

vsftpd : ALL : DENY

Add tcp_wrappers=YES to /etc/vsftpd/vsftpd.conf:

vi /etc/vsftpd/vsftpd.conf

tcp_wrappers=YES

Restart vsftpd:

[root@home vsftpd]# /sbin/service vsftpd restart
Shutting down vsftpd: [  OK  ]
Starting vsftpd for vsftpd: [  OK  ]
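
To check which client addresses the two rule files above admit before relying on them, the following added example (not part of the original page) evaluates an address the way TCP Wrappers orders its lookup: hosts.allow first, then hosts.deny, and access granted when nothing matches. The function names are hypothetical, the rule text is a constructed copy of the lines shown above, and only the ALL and net/mask client patterns used on this page are handled.

```python
import ipaddress

# Constructed copies of the two rule lines shown on this page.
HOSTS_ALLOW = "vsftpd :123.103.47.0/255.255.255.0 218.240.63.0/255.255.255.0 59.46.172.0/255.255.255.0 10.0.0.0/255.0.0.0 60.2.80.0/255.255.255.0 218.249.230.0/255.255.255.0 160.10.0.0/255.255.0.0 218.246.69.0/255.255.255.0 125.35.3.0/255.255.255.0:allow\n"
HOSTS_DENY = "vsftpd : ALL : DENY\n"

def parse_rules(text):
    """Yield (daemons, clients, option) for each rule line, skipping comments."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Splitting on ':' is enough for IPv4 rules; bracketed IPv6 is not handled.
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            continue
        option = fields[2].lower() if len(fields) > 2 else ""
        yield (fields[0].replace(",", " ").split(),
               fields[1].replace(",", " ").split(), option)

def client_matches(pattern, addr):
    """Match the two client pattern kinds used on this page: ALL and net/mask."""
    if pattern.upper() == "ALL":
        return True
    if "/" in pattern:
        return addr in ipaddress.ip_network(pattern, strict=False)
    return False

def first_match(text, daemon, addr):
    """Return the option of the first rule matching daemon and address, else None."""
    for daemons, clients, option in parse_rules(text):
        if (daemon in daemons or "ALL" in daemons) and any(
                client_matches(c, addr) for c in clients):
            return option
    return None

def is_allowed(ip, daemon="vsftpd", allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts.allow is searched first, then hosts.deny; no match grants access."""
    addr = ipaddress.ip_address(ip)
    opt = first_match(allow, daemon, addr)
    if opt is not None:
        return opt != "deny"      # an explicit deny option overrides the file's default
    opt = first_match(deny, daemon, addr)
    if opt is not None:
        return opt == "allow"     # an explicit allow option overrides the file's default
    return True
```

These files are consulted only when vsftpd was compiled with tcp_wrappers support and tcp_wrappers=YES is set.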