[Linux 常見問題] Limit ssh access by IP address

Source From Here 
To limit ssh access to a linux box based on originating IP address, edit /etc/hosts.allow: 

view plaincopy to clipboardprint?

1. sshd : localhost : allow  
2. sshd : 192.168.0. : allow  
3. sshd : 99.151.250.7 : allow  
4. sshd : mydomain.net : allow  
5. sshd : ALL : deny  

The above entry will allow ssh access from localhost, the 192.168.0.x subnet, the single IP address 99.151.250.7, and mydomain.net (assuming mydomain.net has a ptr record in place to facilitate reverse lookup). All other IP addresses will be denied access to sshd. 

Notes: 

* You can allow or deny based on ip address, subnet, or hostname.
* List rules in order of most to least specific. The file only gets read until a matching line is found, so if you start with ssdh : ALL : deny, no ssh connections will be allowed.
* You can control access to other tcp wrapped services as well - see the hosts.allow man page for details: http://linux.die.net/man/5/hosts.allow