[linux] Allowing a service only for specific clients (hosts.allow)
2hansoul
2022. 10. 17. 16:08
hosts.deny and hosts.allow are used to allow or deny a service for specific clients only.
1. hosts.deny (deny)
[root@vm129 ~]# cat /etc/hosts.deny
#
# hosts.deny This file contains access rules which are used to
# deny connections to network services that either use
# the tcp_wrappers library or that have been
# started through a tcp_wrappers-enabled xinetd.
#
# The rules in this file can also be set up in
# /etc/hosts.allow with a 'deny' option instead.
#
# See 'man 5 hosts_options' and 'man 5 hosts_access'
# for information on rule syntax.
# See 'man tcpd' for information on tcp_wrappers
#
ALL:ALL
Start by blocking all clients with ALL:ALL.
2. hosts.allow (allow)
[root@vm129 ~]# cat /etc/hosts.allow
#
# hosts.allow This file contains access rules which are used to
# allow or deny connections to network services that
# either use the tcp_wrappers library or that have been
# started through a tcp_wrappers-enabled xinetd.
#
# See 'man 5 hosts_options' and 'man 5 hosts_access'
# for information on rule syntax.
# See 'man tcpd' for information on tcp_wrappers
#
sshd : 192.168.5.120:allow
Allow sshd for one specific client only, then save the file.
3. Verifying the SSH connection
In a previous post (https://hansoul.tistory.com/184) I set up the SSH connection.
Server A (192.168.5.129) -> Server B (192.168.5.130)

Because hosts.deny currently blocks all clients and only 192.168.5.120 is allowed to connect, the connection fails.
[root@vm129 ~]# cat /etc/hosts.allow
#
# hosts.allow This file contains access rules which are used to
# allow or deny connections to network services that
# either use the tcp_wrappers library or that have been
# started through a tcp_wrappers-enabled xinetd.
#
# See 'man 5 hosts_options' and 'man 5 hosts_access'
# for information on rule syntax.
# See 'man tcpd' for information on tcp_wrappers
#
sshd : 192.168.5.130:allow
Now allow 130, the IP of server B.

After the change, you can confirm that the connection works again.
4. Allowing an IP range
[root@vm129 ~]# cat /etc/hosts.allow
#
# hosts.allow This file contains access rules which are used to
# allow or deny connections to network services that
# either use the tcp_wrappers library or that have been
# started through a tcp_wrappers-enabled xinetd.
#
# See 'man 5 hosts_options' and 'man 5 hosts_access'
# for information on rule syntax.
# See 'man tcpd' for information on tcp_wrappers
#
sshd : 192.168.5.0/255.255.255.0:allow

You can confirm that connections are possible from the entire 0~255 range. Places such as companies often configure access by IP range like this so that employees can connect.
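
How tcp_wrappers evaluates the rules above, as an added example (not code from the original post or from tcp_wrappers itself): hosts.allow is searched first, then hosts.deny, and per hosts_access(5) an n.n.n.n/m.m.m.m pattern is a net/mask pair that matches when (address AND mask) equals net, so a pattern written as first/last address such as 192.168.5.0/192.168.5.255 does not describe a range. The function names are hypothetical, and only IPv4 patterns of the kinds shown here are handled.

```python
import ipaddress

def _ip(addr):
    return int(ipaddress.IPv4Address(addr))

def client_matches(pattern, client):
    """One IPv4 client pattern from hosts_access(5) against a client address."""
    if pattern == "ALL":
        return True
    if "/" in pattern:                        # net/mask pair
        net, mask = pattern.split("/", 1)
        return (_ip(client) & _ip(mask)) == _ip(net)
    if pattern.endswith("."):                 # leading-octet prefix, e.g. "192.168.5."
        return client.startswith(pattern)
    return pattern == client                  # single address

def parse_rules(text):
    """Yield (daemons, clients, option) for each 'daemons : clients [: option]' line."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]
        option = fields[2] if len(fields) > 2 else None
        yield (fields[0].replace(",", " ").split(),
               fields[1].replace(",", " ").split(), option)

def access(allow_text, deny_text, daemon, client):
    """True if granted. hosts.allow is searched first, then hosts.deny; the first
    matching rule decides, and a client that matches nothing is granted."""
    for text, default in ((allow_text, True), (deny_text, False)):
        for daemons, clients, option in parse_rules(text):
            if ({daemon, "ALL"} & set(daemons)
                    and any(client_matches(p, client) for p in clients)):
                return {"allow": True, "deny": False}.get(option, default)
    return True

# Rules modelled on the page's hosts.deny / hosts.allow lines. The two range
# rules contrast a real net/mask pair with a first/last-address pair.
DENY = "ALL:ALL"
ONLY_120 = "sshd : 192.168.5.120:allow"
ONLY_130 = "sshd : 192.168.5.130:allow"
NET_MASK = "sshd : 192.168.5.0/255.255.255.0:allow"
FIRST_LAST = "sshd : 192.168.5.0/192.168.5.255:allow"   # mask is not a netmask

if __name__ == "__main__":
    for name, rules in [("only .120", ONLY_120), ("only .130", ONLY_130),
                        ("net/mask", NET_MASK), ("first/last", FIRST_LAST)]:
        print(f"{name:10} -> sshd from 192.168.5.130:",
              "granted" if access(rules, DENY, "sshd", "192.168.5.130") else "denied")
```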