由 silver810212 在 10-14-2004 10:06 发表:
proftpd的各用户如何限制ip的访问
debian woody+proftpd
用户1:所有ip均可访问
用户2:仅限192.168..,202.200.*.*访问。
请问如何实现?
生命不息,学习不止!
你帮助我,我也帮助你。
由 faint 在 10-14-2004 13:57 发表:
1<limit login="">
2
3Order allow,deny
4
5Deny from ip1/mask2
6
7Deny from ip2/mask2
8
9Deny from all
10
11</limit>
由 silver810212 在 10-15-2004 16:06 发表:
> quote:
>
> * * *
>
> 最初由 faint 发表
>
> **
1<limit login="">
2>
3> Order allow,deny
4>
5> Deny from ip1/mask2
6>
7> Deny from ip2/mask2
8>
9> Deny from all
10>
11> </limit>
** > > * * *
有点问题吧?
应该是这样吧?
1<limit login="">
2
3Order allow,deny
4
5Allow from all
6
7Deny from ip1/mask2
8
9Deny from ip2/mask2
10
11</limit>
如果要实现我要求的那个功能应该是这样吧:
1<directory home="" usr1="">
2<limit login="">
3
4Order allow,deny
5
6Allow from all
7
8</limit>
9</directory>
1<directory home="" usr2="">
2<limit login="">
3
4Order allow,deny
5
6Allow from all
7
8Deny from ip1/mask2
9
10Deny from ip2/mask2
11
12</limit>
13</directory>
生命不息,学习不止!
你帮助我,我也帮助你。
由 silver810212 在 11-02-2004 14:08 发表:
>
> 源码:
>
> * * *
>
>
> >
> # This is a basic ProFTPD configuration file (rename it to
> >
> # 'proftpd.conf' for actual use. It establishes a single server
> >
> # and a single anonymous login. It assumes that you have a user/group
> >
> # "nobody" and "ftp" for normal operation and anon.
> >
>
> >
> ServerName "Bupticet's FTP server,powered by Proftpd on Debian linux"
> >
> ServerIdent On "Bupticet's FTP server,powered by Proftpd on Debian linux"
> >
> ServerType standalone
> >
> DeferWelcome off
> >
> #ServerIdent Off
> >
>
> >
> ShowSymlinks on
> >
> MultilineRFC2228 on
> >
> DefaultServer on
> >
> ShowSymlinks on
> >
> AllowOverwrite on
> >
> RequireValidShell off
> >
> AllowForeignAddress on
> >
> #PassivePorts 20000 30000
> >
>
> >
> TimeoutNoTransfer 600
> >
> TimeoutStalled 600
> >
> TimeoutIdle 120
> >
>
> >
> MaxInstances 250
> >
> DisplayLogin welcome.msg
> >
> DisplayFirstChdir .message
> >
> LsDefaultOptions "-l"
> >
>
> >
> DenyFilter *.*/
> >
>
> >
> # Uncomment this if you are using NIS or LDAP to retrieve passwords:
> >
> #PersistentPasswd off
> >
>
> >
> # Port 21 is the standard FTP port.
> >
> Port 21
> >
>
> >
> # To prevent DoS attacks, set the maximum number of child processes
> >
> # to 30. If you need to allow more than 30 concurrent connections
> >
> # at once, simply increase this value. Note that this ONLY works
> >
> # in standalone mode, in inetd mode you should use an inetd server
> >
> # that allows you to limit maximum number of processes per service
> >
> # (such as xinetd)
> >
> MaxInstances 30
> >
> MaxClientsPerHost 5
> >
>
> >
> # Set the user and group that the server normally runs at.
> >
> User nobody
> >
> Group nogroup
> >
> DefaultRoot ~
> >
> # Normally, we want files to be overwriteable.
> >
>
> >
>
1<directory "="" *"="" home="" silver="">
2> >
3> <limit login="">
4> >
5> Order deny,allow
6> >
7> Allow from 0.0.0.0/0.0.0.0
8> >
9> </limit>
10> >
11> </directory>
> >
>
> >
>
1<directory "="" *"="" home="" resin="">
2> >
3> <limit login="">
4> >
5> Order deny,allow
6> >
7> Deny from 0.0.0.0/0.0.0.0
8> >
9> Allow from 202.204.15.0/255.255.255.0
10> >
11> Allow from 202.204.14.0/255.255.255.0
12> >
13> Allow from 192.168.199.0/255.255.255.0
14> >
15> Allow from 192.168.200.0/255.255.255.0
16> >
17> </limit>
18> >
19> </directory>
> >
>
> >
>
1<directory *="">
2> >
3> Umask 022 022
4> >
5> AllowOverwrite on
6> >
7> </directory>
> >
>
> >
> # A basic anonymous configuration, no upload directories.
> >
>
> >
> ##
1<anonymous ~ftp="">
2> >
3> ## User ftp
4> >
5> ## Group nogroup
6> >
7> ## # We want clients to be able to login with "anonymous" as well as "ftp"
8> >
9> ## UserAlias anonymous ftp
10> >
11> ##
12> >
13> ## RequireValidShell off
14> >
15> ##
16> >
17> ## # Limit the maximum number of anonymous logins
18> >
19> ## MaxClients 10
20> >
21> ##
22> >
23> ## # We want 'welcome.msg' displayed at login, and '.message' displayed
24> >
25> ## # in each newly chdired directory.
26> >
27> ## DisplayLogin welcome.msg
28> >
29> ## DisplayFirstChdir .message
30> >
31> ##
32> >
33> ## # Limit WRITE everywhere in the anonymous chroot
34> >
35> ## <directory *="">
36> >
37> ## <limit write="">
38> >
39> ## DenyAll
40> >
41> ## </limit>
42> >
43> ## </directory>
44> >
45> ##
46> >
47> ## # Uncomment this if you're brave.
48> >
49> ## # <directory incoming="">
50> >
51> ## # # Umask 022 is a good standard umask to prevent new files and dirs
52> >
53> ## # # (second parm) from being group and world writable.
54> >
55> ## # Umask 022 022
56> >
57> ## # <limit read="" write="">
58> >
59> ## # DenyAll
60> >
61> ## # </limit>
62> >
63> ## # <limit stor="">
64> >
65> ## # AllowAll
66> >
67> #</limit></directory></anonymous>