vsftpd 与TCP_wrapper 结合到一块来实现这种要求
/etc/hosts.allow 定义允许的地址:
/etc/hosts.deny 定义拒绝的来源地址.
如下:
/etc/hosts.allow
[root@BJFS-PIM root.adminssh]# cat /etc/hosts.allow
#
# hosts.allow This file describes the names of the hosts which are
# allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
vsftpd :123.103.47.0/255.255.255.0 218.240.63.0/255.255.255.0 59.46.172.0/255.255.255.0 10.0.0.0/255.0.0.0 60.2.80.0/255.255.255.0 218.249.230.0/255.255.255.0 160.10.0.0/255.255.0.0 218.246.69.0/255.255.255.0 125.35.3.0/255.255.255.0:allow
/etc/hosts.deny如下:
#
# hosts.deny This file describes the names of the hosts which are
# *not* allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow. In particular
# you should know that NFS uses portmap!
vsftpd : ALL : DENY
将tcp_wrappers=yes添加至
/etc/vsftpd/vsftpd.conf 中
vi /etc/vsftpd/vsftpd.conf
tcp_wrappers=YES
重新启动vsftpd
[root@home vsftpd]# /sbin/service vsftpd restart
Shutting down vsftpd: OK ]
Starting vsftpd for vsftpd: OK ]
