8

Is it possible to set up vsftpd to only accept connections from a certain set of IP addresses?

I've looked at the /etc/vsftpd.conf for options but there is no hint at that. The manual does not either.

My server OS: Red Hat Enterprise Linux Server release 6.5 (Santiago)

Castaglia
pixeline

1 Answer

17

Seems you can use TCP Wrappers (just tested it on my Ubuntu) and use hosts.allow and hosts.deny to filter vsftpd access.

Add the following to your vsftpd.conf file:

tcp_wrappers=YES

Restart vsftpd.

In /etc/hosts.deny, deny everyone for vsftpd:

vsftpd: ALL

Then, in /etc/hosts.allow, add the authorized IPs:

vsftpd:192.168.0.39 192.168.0.50
krisFR
  • Actually, it does not work. I can still access the server even though my IP address is not one of the addresses listed in hosts.allow. – pixeline Mar 03 '14 at 20:02
  • 3
    Never mind: it works. Just be aware that you need to add a newline underneath the last command in your hosts.* files. (source: http://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-tcpwrappers.html) – pixeline Mar 03 '14 at 20:16
  • @pixeline Wow, great, and thanks for the info! I admit I used to press "enter" each time I write a line in a file, so I didn't see this issue. Thanks for the tip! Cheers – krisFR Mar 03 '14 at 20:33
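
The three files from the answer, together with the trailing-newline caveat raised in the comments, can be checked with a small script. This is an added example, not part of the original answer or comments; the function names and the scratch directory are assumptions, and the rule check only recognises lines that begin with the single daemon name `vsftpd`.

```shell
#!/bin/sh
# Added example: audit the vsftpd TCP Wrappers setup described in the answer.
# Function names are hypothetical; the sample files below are constructed.

# Succeeds if the file is non-empty and its last byte is a newline.
ends_with_newline() {
    [ -s "$1" ] && [ -z "$(tail -c 1 "$1")" ]
}

# Succeeds if file $1 has an uncommented rule for daemon $2,
# optionally starting with client pattern $3.
has_rule() {
    grep -Eq "^[[:space:]]*$2[[:space:]]*:[[:space:]]*$3" "$1"
}

# Args: vsftpd.conf, hosts.allow, hosts.deny. Returns 0 only if all checks pass.
audit_vsftpd_wrappers() {
    conf=$1 allow=$2 deny=$3 rc=0
    grep -Eq '^tcp_wrappers=YES' "$conf" ||
        { echo "FAIL: tcp_wrappers=YES not set in $conf"; rc=1; }
    has_rule "$deny" vsftpd ALL ||
        { echo "FAIL: no 'vsftpd: ALL' rule in $deny"; rc=1; }
    has_rule "$allow" vsftpd ||
        { echo "FAIL: no vsftpd rule in $allow"; rc=1; }
    for f in "$allow" "$deny"; do
        ends_with_newline "$f" ||
            { echo "FAIL: $f does not end with a newline"; rc=1; }
    done
    return $rc
}

# Constructed sample files in a scratch directory (not the live /etc files).
d=$(mktemp -d)
printf 'tcp_wrappers=YES\n' > "$d/vsftpd.conf"
printf 'vsftpd: ALL\n' > "$d/hosts.deny"
# Allow list written without a final newline, as in the first comment.
printf 'vsftpd:192.168.0.39 192.168.0.50' > "$d/hosts.allow"
audit_vsftpd_wrappers "$d/vsftpd.conf" "$d/hosts.allow" "$d/hosts.deny" || true

# Terminate the last rule with a newline and re-check.
printf '\n' >> "$d/hosts.allow"
audit_vsftpd_wrappers "$d/vsftpd.conf" "$d/hosts.allow" "$d/hosts.deny" &&
    echo "OK: wrappers enabled, default deny, allow list terminated"
rm -rf "$d"
```

On a real host, pass `/etc/vsftpd.conf` (or the path your distribution uses), `/etc/hosts.allow` and `/etc/hosts.deny` to `audit_vsftpd_wrappers`.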