Re: How can I block IP address range with sshd_config

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 2004-07-27 at 12:43, Michael Sullivan wrote:
> I've been reading over the hosts.deny man page to get some ideas, but
> I'm unclear on how to implement them.  I know what I want to do, but I
> don't know how to do it.  I want to allow all connections from my five
> users, those being acsacx, amy, michael, wayne and zack, unless those
> requests come from 211.182.241.*  These acceptable accounts will likely
> only log in through ssh.  I want to deny 211.182.241.* unconditonally. 
> Can anyone give me an example of a hosts.allow/hosts.deny setup that
> would do this?  

Add the following to your /etc/hosts.deny file:

sshd : 211.182.241.
(note the trailing dot - it is needed)
- or -
sshd : 211.182.241.0/255.255.255.0

Stay away from user level stuff in the hosts.allow and hosts.deny
files.  They should really only be used for host level verification.

You may or may not need to restart sshd using the following:

service sshd restart

This will have sshd unconditionally drop anything coming from the one
network.

--Rob



[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux