Blocking SSH logins
Edit /etc/hosts.deny
and add a line in the following format.
Format: sshd:IP:deny
sshd:42.236.74.73:deny
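CentOS 7 firewall
Method 1:
Allow or restrict an IP address (replace ip in the commands with the address)
1. Restrict access from an IP address
firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address="ip" drop'
or
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="ip" port protocol="tcp" port="80" reject'
2. Lift the restriction on an IP address
firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address="ip" accept'
or
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="ip" port protocol="tcp" port="80" accept'
Note that within a zone firewalld applies drop/reject rich rules before accept rules, so an accept rule does not cancel a drop or reject rule added earlier for the same source. To delete the earlier rule, run the same command with --remove-rich-rule in place of --add-rich-rule and the identical rule text.
3. View the rules that have been set
firewall-cmd --zone=public --list-rich-rules
After making changes, reload the firewall rules so that the settings take effect: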
firewall-cmd --reload
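The steps of method 1 wrapped in a small script, as an added example that is not part of the original page: it validates the address before placing it in the rule text, skips the add when the rule already exists, and reloads afterwards. The function names are hypothetical, and the public zone is assumed, as in the listing command above.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# Succeed only for a dotted-quad IPv4 address: four octets, 0-255, no leading zeros.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*) return 1 ;; esac
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the rich rule for source $1: drop everything, or reject TCP to port $2.
rich_rule_block() {
    valid_ipv4 "$1" || { echo "invalid IPv4 address: $1" >&2; return 1; }
    if [ -z "${2:-}" ]; then
        printf 'rule family="ipv4" source address="%s" drop\n' "$1"
        return 0
    fi
    case "$2" in *[!0-9]*) echo "invalid port: $2" >&2; return 1 ;; esac
    [ "${#2}" -le 5 ] && [ "$2" -ge 1 ] && [ "$2" -le 65535 ] ||
        { echo "invalid port: $2" >&2; return 1; }
    printf 'rule family="ipv4" source address="%s" port protocol="tcp" port="%s" reject\n' "$1" "$2"
}

# Add the rule to the permanent public zone unless it is already there, then reload.
block_ip() {
    rule=$(rich_rule_block "$@") || return 1
    if firewall-cmd --permanent --zone=public --query-rich-rule="$rule" >/dev/null 2>&1; then
        echo "already present: $rule"
    else
        firewall-cmd --permanent --zone=public --add-rich-rule="$rule" &&
            firewall-cmd --reload
    fi
}

# Usage (as root): block_ip 192.168.0.222      or      block_ip 192.168.0.222 80
```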
Method 2:
Edit the firewall rules file directly:
vi /etc/firewalld/zones/public.xml
<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
  <service name="dhcpv6-client"/>
  <service name="ssh"/>
  <port protocol="tcp" port="80"/>
</zone>
Add the following inside the zone element:
<rule family="ipv4">
  <source address="192.168.0.222"/>
  <drop/>
</rule>
The final file looks like this:
<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
  <service name="dhcpv6-client"/>
  <service name="ssh"/>
  <port protocol="tcp" port="80"/>
  <rule family="ipv4">
    <source address="192.168.0.222"/>
    <drop/>
  </rule>
</zone>
After saving the file, run firewall-cmd --reload so that the settings take effect.
Conversely, to lift the restriction, delete the <rule></rule> block in the middle.