Block SSH logins
Edit /etc/hosts.deny
and add an entry in the following format:
Format: sshd:IP:deny
sshd:42.236.74.73:deny
CentOS 7 firewall
Method 1:
Allow or restrict an IP
1. Block access from an IP address
    firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address="ip" drop'
   or
    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="ip" port protocol="tcp" port="80" reject'
2. Lift the IP address restriction
    firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address="ip" accept'
   or
    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="ip" port protocol="tcp" port="80" accept'
3. List the rules that have been set
    firewall-cmd --zone=public --list-rich-rules
After making the changes, reload the firewall rules so that they take effect:
    firewall-cmd --reload
Method 2:
You can edit the firewall rules file directly:
    vi /etc/firewalld/zones/public.xml

    <?xml version="1.0" encoding="utf-8"?>
    <zone>
      <short>Public</short>
      <description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
      <service name="dhcpv6-client"/>
      <service name="ssh"/>
      <port protocol="tcp" port="80"/>
    </zone>

Add the following inside <zone>:
    <rule family="ipv4">
      <source address="192.168.0.222"/>
      <drop/>
    </rule>
The final layout is as follows:
    <?xml version="1.0" encoding="utf-8"?>
    <zone>
      <short>Public</short>
      <description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
      <service name="dhcpv6-client"/>
      <service name="ssh"/>
      <port protocol="tcp" port="80"/>
      <rule family="ipv4">
        <source address="192.168.0.222"/>
        <drop/>
      </rule>
    </zone>
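After making the changes, run firewall-cmd --reload so that the settings take effect.
Conversely, to lift the restriction, just delete the <rule></rule> block in the middle.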
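The zone-file edit from Method 2 can be scripted so that the address is validated and the rule is never added twice. This is an added example, not part of the original notes: the function names block and unblock are hypothetical, the sample zone is constructed from the file shown above, and the code works on the XML text only, so the result still has to be written to /etc/firewalld/zones/public.xml and followed by firewall-cmd --reload.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: the public zone file from this page, before any rule is added.
SAMPLE_ZONE = """<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <description>For use in public areas.</description>
  <service name="dhcpv6-client"/>
  <service name="ssh"/>
  <port protocol="tcp" port="80"/>
</zone>
"""

def _family(address):
    # ip_network raises ValueError for anything that is not an IP or CIDR,
    # so a typo never reaches the zone file.
    return "ipv%d" % ipaddress.ip_network(address, strict=False).version

def _drop_rules(zone, address):
    # <rule> elements that drop traffic from exactly this source string.
    return [r for r in zone.findall("rule")
            if r.find("drop") is not None
            and r.find("source") is not None
            and r.find("source").get("address") == address]

def _dump(zone):
    return '<?xml version="1.0" encoding="utf-8"?>\n' + ET.tostring(zone, encoding="unicode") + "\n"

def block(zone_xml, address):
    """Return the zone XML with one drop rule for address (idempotent)."""
    family = _family(address)
    zone = ET.fromstring(zone_xml.encode("utf-8"))
    if not _drop_rules(zone, address):
        rule = ET.SubElement(zone, "rule", family=family)
        ET.SubElement(rule, "source", address=address)
        ET.SubElement(rule, "drop")
        rule.tail = "\n"
    return _dump(zone)

def unblock(zone_xml, address):
    """Return the zone XML with every drop rule for address removed."""
    _family(address)  # validate before touching the document
    zone = ET.fromstring(zone_xml.encode("utf-8"))
    for rule in _drop_rules(zone, address):
        zone.remove(rule)
    return _dump(zone)
```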
