首页 > 开发 > 综合 > 正文

vsftpd-1.1.3配制实例之三:PER_IP_CONFIG

2024-07-21 02:35:43
字体:
来源:转载
供稿:网友

  This example should quickly show you the possibilites of per-ip configuration
  with vsFTPd's tcp_wrappers integration. This is new with v1.1.3.
  To use this, you need vsftpd built with tcp_wrappers! This is accomplished
  by editing "builddefs.h" and changing
  #undef VSF_BUILD_TCPWRAPPERS
  to
  #define VSF_BUILD_TCPWRAPPERS
  And then rebuild. If you are lUCky your vendor will have shipped the vsftpd
  binary with this already done for you.
  Next, to enable tcp_wrappers integration, you need this in your vsftpd.conf:
  tcp_wrappers=YES
  And you'll need a tcp_wrappers config file. An example one is supplied in this
  Directory: hosts.allow. It lives at /etc/hosts.allow.
  Let's have a look at the example:
  vsftpd: 192.168.1.3: setenv VSFTPD_LOAD_CONF /etc/vsftpd_tcp_wrap.conf
  vsftpd: 192.168.1.4: DENY
  The first line:
  If a client connects from 192.168.1.3, then vsftpd will apply the vsftpd
  config file /etc/vsftpd_tcp_wrap.conf to the session! These settings are
  applied ON TOP of the default vsftpd.conf.
  This is obviously very powerful. You might use this to apply different
  access restrictions for some IPs (e.g. the ability to upload).
  Or you could give certain classes of IPs the ability to skip connection
  limits (max_clients=0).
  Or you could increase / decrease the bandwidth limiter for certain classes
  of IPs.
  You get the point :-)
  The second line:
  Denies the ability of 192.168.1.4 to connect. Very useful to take care of
  troublemakers. And now you don't need xinetd to do it - hurrah.
  hosts.allow
  #
  # hosts.allow This file describes the names of the hosts which are
  # allowed to use the local INET services, as decided
  # by the '/usr/sbin/tcpd' server.
  #
  vsftpd: 192.168.1.3: setenv VSFTPD_LOAD_CONF /etc/vsftpd_tcp_wrap.conf
  vsftpd: 192.168.1.4: DENY

发表评论 共有条评论
用户名: 密码:
验证码: 匿名发表