[问题求助][RedHat] 想用iptables限制只能内网的地址才能用ssh服务，能实现吗？ [复制链接]

如题，不知道.iptables能.不能做到这一点，版主老大看看行得通不.

楼上的哥哥，能给个具体语句吗？

QUOTE:原帖由 storysky 于 2009-2-27 16:08 发表
如题，不知道iptables能不能做到这一点，版主老大看看行得通不

用tcpwarpper更好的

谁能给个具体的实现办法？

[root@nihao ~]# more /etc/hosts.deny
#
# hosts.deny    This file describes the names of the hosts which are
#               *not* allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow.  In particular
# you should know that NFS uses portmap!
  sshd: ALL : deny
[root@nihao ~]# more /etc/hosts.allow
#
# hosts.allow   This file describes the names of the hosts which are
#               allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
sshd: 192.168.0.230 :allow
这里写允许的ip或者网段

QUOTE:原帖由 gilet 于 2009-2-27 16:47 发表
[root@nihao ~]# more /etc/hosts.deny
#
# hosts.deny    This file describes the names of the hosts which are
#               *not* allowed to use the local INET services, as decided
#         ...

谢谢这位仁兄，请问如果输入网段要加子网掩码吗？怎么加掩码？

[ 本帖最后由 storysky 于 2009-2-27 16:55 编辑 ]

不客气

iptables -A INPUT -p tcp -s 192.168.0.0/24 --destination-port 22 -j ACCEPT
iptables -A INPUT -p tcp -s 192.168.1.0/24 --destination-port 22 -j ACCEPT
iptables -A INPUT -p tcp -s ! 127.0.0.1 --destination-port 22 -j DROP

QUOTE:原帖由 storysky 于 2009-2-27 16:50 发表

谢谢这位仁兄，请问如果输入网段要加子网掩码吗？怎么加掩码？

用/