How can I block IP address range with sshd_config

Robert Locke rlocke at ralii.com
Tue Jul 27 16:53:58 UTC 2004


On Tue, 2004-07-27 at 12:43, Michael Sullivan wrote:
> I've been reading over the hosts.deny man page to get some ideas, but
> I'm unclear on how to implement them.  I know what I want to do, but I
> don't know how to do it.  I want to allow all connections from my five
> users, those being acsacx, amy, michael, wayne and zack, unless those
> requests come from 211.182.241.*  These acceptable accounts will likely
> only log in through ssh.  I want to deny 211.182.241.* unconditionally. 
> Can anyone give me an example of a hosts.allow/hosts.deny setup that
> would do this?  

Add the following to your /etc/hosts.deny file:

sshd : 211.182.241.
(note the trailing dot - it is needed)
- or -
sshd : 211.182.241.0/255.255.255.0

Stay away from user level stuff in the hosts.allow and hosts.deny
files.  They should really only be used for host level verification.

You may or may not need to restart sshd using the following:

service sshd restart

This will have sshd unconditionally drop anything coming from the one
network.

--Rob
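
Added example, not part of the original post and not tcp_wrappers code: a simplified IPv4-only model of the two hosts_access(5) client pattern forms from the reply, showing which addresses each covers and why the trailing dot matters. It assumes an empty hosts.allow; the function names and the sample file are constructed for illustration.

```python
import ipaddress

# Constructed sample: the net/mask form suggested in the reply.
HOSTS_DENY = """
# constructed sample /etc/hosts.deny
sshd : 211.182.241.0/255.255.255.0
"""

def pattern_matches(pattern, client_ip):
    """Simplified IPv4-only model of two hosts_access(5) client pattern forms."""
    addr = ipaddress.IPv4Address(client_ip)
    if "/" in pattern:
        # net/mask form: matches when (address AND mask) equals net.
        net, mask = (int(ipaddress.IPv4Address(p)) for p in pattern.split("/", 1))
        return (int(addr) & mask) == net
    if pattern.endswith("."):
        # Trailing dot: matches when the leading numeric fields are equal.
        return str(addr).startswith(pattern)
    # Neither form: treated as one complete address, so only an exact match.
    return pattern == str(addr)

def denied(rules, daemon, client_ip):
    """True if a 'daemon_list : client_list' line covers this daemon and address."""
    for line in rules.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = (f.replace(",", " ").split() for f in line.split(":")[:2])
        if daemon in daemons and any(pattern_matches(p, client_ip) for p in clients):
            return True
    return False

if __name__ == "__main__":
    # 192.0.2.10 is a documentation address used as a constructed "outside" client.
    for ip in ("211.182.241.7", "211.182.24.1", "192.0.2.10"):
        print(ip, "denied" if denied(HOSTS_DENY, "sshd", ip) else "allowed")
```

On a host with the tcp_wrappers utilities installed, tcpdmatch can confirm the real decision for a given daemon and client address.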




