Project development, often have to interact with the server file upload and download, ftp fast speed, but is transmitted in clear text, not safe enough. If ssh encrypted transmission, the speed dropped a lot. We can only allow access to the company's IP ftp, other IP access is not allowed, as follows.
-
/Etc/vsftpd/vsftpd.conf modify files
# open tcp_wrappers, so that you can set to allow and deny access to the IP in /etc/hosts.allow and /etc/host.deny in
tcp_wrappers = YES
configuration need to restart vsftpd (service vsftpd restart)
Edit /etc/hosts.deny file, add the command line
vsftpd: ALL (ban all IP access)
Edit /etc/hosts.allow file, add the command line
vsftpd: 172.16.30.0/255.255.255.0 (permit ip section 172.16.30 rhetorical question)
test:
The relationship 3./etc/hosts.allow and /etc/hosts.deny
find Allowed IP start hosts.allow file, if found to allow access, do not look for hosts.deny file, and if not found, in hosts.deny find, if found, refused, did not find, or allow access. hosts.deny file formats:
vsftpd: 172.168.30.2
vsftpd: 172.168.30.100: DENY
vsftpd: 172.168.30.
vsftpd: ALL
For example, we only allow access to the server from 172.168.30.0, others are denied access, so you can configure:
hosts.allow: vsftpd: 172.168.30.0
hosts.deny: vsftpd: ALL
For example, we want to ban certain IP access can also be configured in /etc/hosts.allow follows:
vsftpd: 172.168.30.100: DENY