hosts 和 hosts.allow 文件之间有什么区别?据我所知,这两个文件似乎都是用于添加允许网络访问的 IP 地址。
以下是我的主机和 hosts.allow 文件:
/etc/hosts
127.0.0.1 localhost
127.0.1.1 craig-PE-T130
The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
/etc/hosts.allow
list of hosts that are allowed to access the system.
See the manual pages hosts_access(5) and hosts_options(5).
Example: ALL: LOCAL @some_netgroup
ALL: .foobar.edu EXCEPT terminalserver.foobar.edu
If you're going to protect the portmapper use the name "rpcbind" for the
daemon name. See rpcbind(8) and rpc.mountd(8) for further information.
答案1
两者的功能有很大不同。
/etc/hosts
用作本地apache
实例上的本地 DNS 或nginx
根据情况映射domain names
到ip address 127.0.*.*
。From "man hosts": hosts - static table lookup for hostnames. So when we request a domain in our browser say "mydoman.com", our system checks in the /etc/hosts files to resolve this "domain name" to an "IP address". If we have that entry in the "/etc/hosts" file then the page content is served up from our machine files else it look out on the inter- net to resolve that name.
/etc/host.allow
并像控制外部源对机器或网络的访问/etc/hosts.deny
一样使用。请注意iptable
iptables 和主机访问不能同时使用。要么使用iptables
主机访问控制机制,要么使用access control library
机制Example hosts file entries are # # hosts.allow This file describes the names of # the hosts that are allowed to use # the local INET services, as decided # by the '/usr/sbin/tcpd' server. # # Only allow connections within the virginia.edu # domain. ALL: .virginia.edu # # hosts.deny This file describes the names of # the hosts that are *not* allowed # to use the local INET services, as # decided by the '/usr/sbin/tcpd' # server. # # deny all by default, only allowing hosts or # domains listed in hosts.allow. ALL: ALL
资料来源:
人主机,人hosts_access,弗吉尼亚教育网
答案2
/etc/hosts
是允许在本地主机上进行名称解析的文件。获取 Ipv4 或 IPv6 地址并将其转换为友好名称。
/etc/hosts.allow
由协议用来XDCMP
提供允许访问服务的机器列表。
答案3
这
etc/hosts
文件用于将域名与 IP 地址关联起来。IP 地址的条目在一行中给出。在当今的系统中,etc/hosts 文件(也称为主机表)被 DNS 服务器抑制。我主要将其用于本地测试。它是操作系统 Internet 协议 (IP) 实现的常见部分。
这
etc/hosts.allow or etc/hosts.deny
用于允许/拒绝访问不同的服务。
一般来说,这些文件现在已被弃用。如果你想通过这种方式阻止对服务的访问,你需要查找该服务是否已使用 TCP Wrappers 进行编译。防火墙是阻止服务的好方法。