1
|
Linux секция за начинаещи / Настройка на програми / Въпрос за ограничение на трафика
|
-: Apr 06, 2007, 23:00
|
извинявам се за глупавия въпрос но искам да попитам в следния скрипт има ли някъде да е оказано да има ограничение на трафика Примерен код |
IPTABLES="/usr/sbin/iptables" INET_IFACE="eth0" LAN_IFACE1="eth1" INET_IP=`ifconfig $INET_IFACE | grep inet | cut -d : -f 2 | cut -d ' ' -f 1` LAN_IP1=`ifconfig $LAN_IFACE1 | grep inet | cut -d : -f 2 | cut -d ' ' -f 1` $IPTABLES -t nat -A POSTROUTING -o $INET_IFACE -j SNAT --to-source $INET_IP
|
и по-скоро не разбирам частта
Примерен код | | grep inet | cut -d : -f 2 | cut -d ' ' -f 1`
|
Благодаря предварително !
|
|
|
2
|
Linux секция за начинаещи / Настройка на програми / security
|
-: Jul 31, 2005, 00:16
|
Здрасти отново ,
мерси много за помощта ,наистина ми е от полза 10х пак. Ще се разровя о ще видя какво мога да направя по въпроса.
Само още нещо. Мже ли да ЪПдейтна слака си до current или трябва инсталл на ново всичко.
П.С. Services-ите са съвсем малко т.е. само нах-необходимото за такава машина.
10х
|
|
|
3
|
Linux секция за начинаещи / Настройка на програми / security
|
-: Jul 30, 2005, 18:31
|
Здравейте отново днес искам помощ за втори път ,но какво да се праи нали затова е този форум. абе днес некъв ми е влизал в системата(Линукс Слак 9) оставил ми e бележка в една от директориите. как да разбера кога и как е влязал т.е. кои логове трябва да проверя и какво ще ме посъветвате за в бъдеще да не се получава такова нещо. Системата е Линукс Слак 9 пуснати са: Samba за 8 PC-та като в smb.conf hosts.deny = all ; hosts.allow = ip-pc1 ip-pc2 ...... ....... ..... ip-pc8 има стартиран и sshd(ще го изклиуч вече) как да си направя firewall така ,че системата да работи само за тези 8 пц-та има вариант с iptables ,но не ми е ясно тряя се занимавам ,затова ако може малко помощ. П.С. команда last не показвада е влизал някой друг освен мен ,а и знам ,че има вариант като влезе някой да си заличи следите от last '>
|
|
|
5
|
Linux секция за начинаещи / Настройка на програми / chmod
|
-: Jul 30, 2005, 17:29
|
Здравейте , проблемът ми е : как под команден режим мога да сменя атрибутите на ЦЯЛОТО дърео от директории. Да речем че имам дир /11/22/33/44 сега като напиша chmod a-w /11 writable-a се маха само за дир /11 но не и за останалите поддиректории. Как да стане така ,че всичко след /11 също да е -w '> 10x предварително
|
|
|
6
|
Linux секция за начинаещи / Настройка на програми / Lilo и ХР
|
-: Jan 09, 2005, 00:49
|
Примерен код | Disk /dev/hda: 20.4 GB, 20490559488 bytes 255 heads, 63 sectors/track, 2491 cylinders Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System /dev/hda1 * 1 192 1542208+ b Win95 FAT32 /dev/hda2 193 2491 18466717+ f Win95 Ext'd (LBA) /dev/hda5 193 509 2546271 b Win95 FAT32 /dev/hda6 510 766 2064321 7 HPFS/NTFS /dev/hda7 767 2083 10578771 b Win95 FAT32 /dev/hda8 2084 2452 2963961 83 Linux /dev/hda9 2453 2491 313236 82 Linux swap
|
|
|
|
7
|
Linux секция за начинаещи / Настройка на програми / Lilo и ХР
|
-: Jan 08, 2005, 01:14
|
Примерен код | # LILO configuration file # generated by 'liloconfig' # # Start LILO global section boot = /dev/hda message = /boot/boot_message.txt prompt timeout = 10 # Override dangerous defaults that rewrite the partition table: change-rules reset # VESA framebuffer console @ 1024x768x256 vga = 773 # Normal VGA console # vga = normal # VESA framebuffer console @ 1024x768x64k # vga=791 # VESA framebuffer console @ 1024x768x32k # vga=790 # VESA framebuffer console @ 1024x768x256 # vga=773 # VESA framebuffer console @ 800x600x64k # vga=788 # VESA framebuffer console @ 800x600x32k # vga=787 # VESA framebuffer console @ 800x600x256 # vga=771 # VESA framebuffer console @ 640x480x64k # vga=785 # VESA framebuffer console @ 640x480x32k # vga=784 # VESA framebuffer console @ 640x480x256 # vga=769 # End LILO global section # DOS bootable partition config begins
other = /dev/hda1 label = Windows98 table = /dev/hda other = /dev/hda6 label = WindowsXP table = /dev/hda
# DOS bootable partition config ends # Linux bootable partition config begins
image = /boot/bzImage-2.6.8 root = /dev/hda8 label = Linux read-only
image = /boot/vmlinuz root = /dev/hda8 label = Linux_old read-only
# Linux bootable partition config ends
|
|
|
|
9
|
Linux секция за начинаещи / Настройка на програми / отново CBQ
|
-: Aug 01, 2004, 23:46
|
ми проблема си остана същия и с 0.7.2 ./cbq.init compile e ok и после ./cbq.init start и ми изписва един ред с команди които мога да използвам един вид ми казва ,че това е не валидна команда изписва ето това
CBQ.INIT USEGE: {start|compile|lise|........}
и после го пускам пак ./cbq.init start и вече започва да казва
FATAL: Module sch_cbq already in kernel. **CBQ: failed to load module sch_cbq
и т.н.
|
|
|
10
|
Linux секция за начинаещи / Настройка на програми / отново CBQ
|
-: Jul 29, 2004, 20:04
|
Примерен код |
export LC_ALL=C
### Command locations TC=/sbin/tc IP=/sbin/ip MP=/sbin/modprobe
### Default filter priorities (must be different) PRIO_RULE_DEFAULT=${PRIO_RULE:-100} PRIO_MARK_DEFAULT=${PRIO_MARK:-200} PRIO_REALM_DEFAULT=${PRIO_REALM:-300}
### Default CBQ_PATH & CBQ_CACHE settings CBQ_PATH=${CBQ_PATH:-/etc/sysconfig/cbq} CBQ_CACHE=${CBQ_CACHE:-/var/cache/cbq.init}
### Uncomment to enable logfile for debugging #CBQ_DEBUG="/var/run/cbq-$1"
### Modules to probe for. Uncomment the last CBQ_PROBE ### line if you have QoS support compiled into kernel CBQ_PROBE="sch_cbq sch_tbf sch_sfq sch_prio" CBQ_PROBE="$CBQ_PROBE cls_fw cls_u32 cls_route" #CBQ_PROBE=""
### Keywords required for qdisc & class configuration CBQ_WORDS="DEVICE|RATE|WEIGHT|PRIO|PARENT|LEAF|BOUNDED|ISOLATED" CBQ_WORDS="$CBQ_WORDS|PRIO_MARK|PRIO_RULE|PRIO_REALM|BUFFER" CBQ_WORDS="$CBQ_WORDS|LIMIT|PEAK|MTU|QUANTUM|PERTURB"
############################################################################# ############################# SUPPORT FUNCTIONS ############################# #############################################################################
### Get list of network devices cbq_device_list () { ip link show| sed -n "/^[0-9]/ \ { s/^[0-9]\+: \([a-z0-9._]\+\)[:@].*/\1/; p; }" } # cbq_device_list
### Remove root class from device $1 cbq_device_off () { tc qdisc del dev $1 root 2> /dev/null } # cbq_device_off
### Remove CBQ from all devices cbq_off () { for dev in `cbq_device_list`; do cbq_device_off $dev done } # cbq_off
### Prefixed message cbq_message () { echo -e "**CBQ: $@" } # cbq_message
### Failure message cbq_failure () { cbq_message "$@" exit 1 } # cbq_failure
### Failure w/ cbq-off cbq_fail_off () { cbq_message "$@" cbq_off exit 1 } # cbq_fail_off
### Convert time to absolute value cbq_time2abs () { local min=${1##*:}; min=${min##0} local hrs=${1%%:*}; hrs=${hrs##0} echo $[hrs*60 + min] } # cbq_time2abs
### Display CBQ setup cbq_show () { for dev in `cbq_device_list`; do [ `tc qdisc show dev $dev| wc -l` -eq 0 ] && continue echo -e "### $dev: queueing disciplines\n" tc $1 qdisc show dev $dev; echo
[ `tc class show dev $dev| wc -l` -eq 0 ] && continue echo -e "### $dev: traffic classes\n" tc $1 class show dev $dev; echo
[ `tc filter show dev $dev| wc -l` -eq 0 ] && continue echo -e "### $dev: filtering rules\n" tc $1 filter show dev $dev; echo done } # cbq_show
### Check configuration and load DEVICES, DEVFIELDS and CLASSLIST from $1 cbq_init () { ### Get a list of configured classes CLASSLIST=`find $1 \( -type f -or -type l \) -name 'cbq-*' \ -not -name '*~' -maxdepth 1 -printf "%f\n"| sort` [ -z "$CLASSLIST" ] && cbq_failure "no configuration files found in $1!"
### Gather all DEVICE fields from $1/cbq-* DEVFIELDS=`find $1 \( -type f -or -type l \) -name 'cbq-*' \ -not -name '*~' -maxdepth 1| xargs sed -n 's/#.*//; \ s/[[:space:]]//g; /^DEVICE=[^,]*,[^,]*\(,[^,]*\)\?/ \ { s/.*=//; p; }'| sort -u` [ -z "$DEVFIELDS" ] && cbq_failure "no DEVICE field found in $1/cbq-*!"
### Check for different DEVICE fields for the same device DEVICES=`echo "$DEVFIELDS"| sed 's/,.*//'| sort -u` [ `echo "$DEVICES"| wc -l` -ne `echo "$DEVFIELDS"| wc -l` ] && cbq_failure "different DEVICE fields for single device!\n$DEVFIELDS" } # cbq_init
### Load class configuration from $1/$2 cbq_load_class () { CLASS=`echo $2| sed 's/^cbq-0*//; s/^\([0-9a-fA-F]\+\).*/\1/'` CFILE=`sed -n 's/#.*//; s/[[:space:]]//g; /^[[:alnum:]_]\+=[[:alnum:].,:;/*@-_]\+$/ p' $1/$2`
### Check class number IDVAL=`/usr/bin/printf "%d" 0x$CLASS 2> /dev/null` [ $? -ne 0 -o $IDVAL -lt 2 -o $IDVAL -gt 65535 ] && cbq_fail_off "class ID of $2 must be in range <0002-FFFF>!"
### Set defaults & load class RATE=""; WEIGHT=""; PARENT=""; PRIO=5 LEAF=tbf; BOUNDED=yes; ISOLATED=no BUFFER=10Kb/8; LIMIT=15Kb; MTU=1500 PEAK=""; PERTURB=10; QUANTUM=""
PRIO_RULE=$PRIO_RULE_DEFAULT PRIO_MARK=$PRIO_MARK_DEFAULT PRIO_REALM=$PRIO_REALM_DEFAULT
eval `echo "$CFILE"| grep -E "^($CBQ_WORDS)="`
### Require RATE/WEIGHT [ -z "$RATE" -o -z "$WEIGHT" ] && cbq_fail_off "missing RATE or WEIGHT in $2!"
### Class device DEVICE=${DEVICE%%,*} [ -z "$DEVICE" ] && cbq_fail_off "missing DEVICE field in $2!"
BANDWIDTH=`echo "$DEVFIELDS"| sed -n "/^$DEVICE,/ \ { s/[^,]*,\([^,]*\).*/\1/; p; q; }"`
### Convert to "tc" options PEAK=${PEAK:+peakrate $PEAK} PERTURB=${PERTURB:+perturb $PERTURB} QUANTUM=${QUANTUM:+quantum $QUANTUM}
[ "$BOUNDED" = "no" ] && BOUNDED="" || BOUNDED="bounded" [ "$ISOLATED" = "yes" ] && ISOLATED="isolated" || ISOLATED="" } # cbq_load_class
############################################################################# #################################### INIT ################################### #############################################################################
### Check for presence of ip-route2 in usual place [ -x $TC -a -x $IP ] || cbq_failure "ip-route2 utilities not installed or executable!"
### ip/tc wrappers if [ "$1" = "compile" ]; then ### no module probing CBQ_PROBE=""
ip () { $IP "$@" } # ip
### echo-only version of "tc" command tc () { echo "$TC $@" } # tc
elif [ -n "$CBQ_DEBUG" ]; then echo -e "# `date`" > $CBQ_DEBUG
### Logging version of "ip" command ip () { echo -e "\n# ip $@" >> $CBQ_DEBUG $IP "$@" 2>&1 | tee -a $CBQ_DEBUG } # ip
### Logging version of "tc" command tc () { echo -e "\n# tc $@" >> $CBQ_DEBUG $TC "$@" 2>&1 | tee -a $CBQ_DEBUG } # tc else ### Default wrappers ip () { $IP "$@" } # ip tc () { $TC "$@" } # tc fi # ip/tc wrappers
case "$1" in
############################################################################# ############################### START/COMPILE ############################### #############################################################################
start|compile)
### Probe QoS modules (start only) for module in $CBQ_PROBE; do $MP $module || cbq_failure "failed to load module $module" done
### If we are in compile/nocache/logging mode, don't bother with cache if [ "$1" != "compile" -a "$2" != "nocache" -a -z "$CBQ_DEBUG" ]; then VALID=1
### validate the cache [ "$2" = "invalidate" -o ! -f $CBQ_CACHE ] && VALID=0 if [ $VALID -eq 1 ]; then [ `find $CBQ_PATH -maxdepth 1 -newer $CBQ_CACHE| \ wc -l` -gt 0 ] && VALID=0 fi
### compile the config if the cache is invalid if [ $VALID -ne 1 ]; then $0 compile > $CBQ_CACHE || cbq_fail_off "failed to compile CBQ configuration!" fi
### run the cached commands exec /bin/sh $CBQ_CACHE 2> /dev/null fi
### Load DEVICES, DEVFIELDS and CLASSLIST cbq_init $CBQ_PATH
### Setup root qdisc on all configured devices for dev in $DEVICES; do ### Retrieve device bandwidth and, optionally, weight DEVTEMP=`echo "$DEVFIELDS"| sed -n "/^$dev,/ { s/$dev,//; p; q; }"` DEVBWDT=${DEVTEMP%%,*}; DEVWGHT=${DEVTEMP##*,} [ "$DEVBWDT" = "$DEVWGHT" ] && DEVWGHT=""
### Device bandwidth is required if [ -z "$DEVBWDT" ]; then cbq_message "could not determine bandwidth for device $dev!" cbq_failure "please set up the DEVICE fields properly!" fi
### Check if the device is there ip link show $dev &> /dev/null || cbq_fail_off "device $dev not found!"
### Remove old root qdisc from device cbq_device_off $dev
### Setup root qdisc + class for device tc qdisc add dev $dev root handle 1 cbq \ bandwidth $DEVBWDT avpkt 1000 cell 8
### Set weight of the root class if set [ -n "$DEVWGHT" ] && tc class change dev $dev root cbq weight $DEVWGHT allot 1514
[ "$1" = "compile" ] && echo done # dev
### Setup traffic classes for classfile in $CLASSLIST; do cbq_load_class $CBQ_PATH $classfile
### Create the class tc class add dev $DEVICE parent 1:$PARENT classid 1:$CLASS cbq \ bandwidth $BANDWIDTH rate $RATE weight $WEIGHT prio $PRIO \ allot 1514 cell 8 maxburst 20 avpkt 1000 $BOUNDED $ISOLATED || cbq_fail_off "failed to add class $CLASS with parent $PARENT on $DEVICE!"
### Create leaf qdisc if set if [ "$LEAF" = "tbf" ]; then tc qdisc add dev $DEVICE parent 1:$CLASS handle $CLASS tbf \ rate $RATE buffer $BUFFER limit $LIMIT mtu $MTU $PEAK elif [ "$LEAF" = "sfq" ]; then tc qdisc add dev $DEVICE parent 1:$CLASS handle $CLASS sfq \ $PERTURB $QUANTUM fi
### Create fw filter for MARK fields for mark in `echo "$CFILE"| sed -n '/^MARK/ { s/.*=//; p; }'`; do ### Attach fw filter to root class tc filter add dev $DEVICE parent 1:0 protocol ip \ prio $PRIO_MARK handle $mark fw classid 1:$CLASS done ### mark
### Create route filter for REALM fields for realm in `echo "$CFILE"| sed -n '/^REALM/ { s/.*=//; p; }'`; do ### Split realm into source & destination realms SREALM=${realm%%,*}; DREALM=${realm##*,} [ "$SREALM" = "$DREALM" ] && SREALM=""
### Convert asterisks to empty strings SREALM=${SREALM#\*}; DREALM=${DREALM#\*}
### Attach route filter to the root class tc filter add dev $DEVICE parent 1:0 protocol ip \ prio $PRIO_REALM route ${SREALM:+from $SREALM} \ ${DREALM:+to $DREALM} classid 1:$CLASS done ### realm
### Create u32 filter for RULE fields for rule in `echo "$CFILE"| sed -n '/^RULE/ { s/.*=//; p; }'`; do ### Split rule into source & destination SRC=${rule%%,*}; DST=${rule##*,} [ "$SRC" = "$rule" ] && SRC=""
### Split destination into address, port & mask fields DADDR=${DST%%:*}; DTEMP=${DST##*:} [ "$DADDR" = "$DST" ] && DTEMP=""
DPORT=${DTEMP%%/*}; DMASK=${DTEMP##*/} [ "$DPORT" = "$DTEMP" ] && DMASK="0xffff"
### Split up source (if specified) SADDR=""; SPORT="" if [ -n "$SRC" ]; then SADDR=${SRC%%:*}; STEMP=${SRC##*:} [ "$SADDR" = "$SRC" ] && STEMP=""
SPORT=${STEMP%%/*}; SMASK=${STEMP##*/} [ "$SPORT" = "$STEMP" ] && SMASK="0xffff" fi
### Convert asterisks to empty strings SADDR=${SADDR#\*}; DADDR=${DADDR#\*}
### Compose u32 filter rules u32_s="${SPORT:+match ip sport $SPORT $SMASK}" u32_s="${SADDR:+match ip src $SADDR} $u32_s" u32_d="${DPORT:+match ip dport $DPORT $DMASK}" u32_d="${DADDR:+match ip dst $DADDR} $u32_d"
### Uncomment the following if you want to see parsed rules #echo "$rule: $u32_s $u32_d"
### Attach u32 filter to the appropriate class tc filter add dev $DEVICE parent 1:0 protocol ip \ prio $PRIO_RULE u32 $u32_s $u32_d classid 1:$CLASS done ### rule
[ "$1" = "compile" ] && echo done ### classfile ;;
############################################################################# ################################# TIME CHECK ################################ #############################################################################
timecheck)
### Get time + weekday TIME_TMP=`date +%w/%k:%M` TIME_DOW=${TIME_TMP%%/*} TIME_NOW=${TIME_TMP##*/}
### Load DEVICES, DEVFIELDS and CLASSLIST cbq_init $CBQ_PATH
### Run through all classes for classfile in $CLASSLIST; do ### Gather all TIME rules from class config TIMESET=`sed -n 's/#.*//; s/[[:space:]]//g; /^TIME/ { s/.*=//; p; }' \ $CBQ_PATH/$classfile` [ -z "$TIMESET" ] && continue
MATCH=0; CHANGE=0 for timerule in $TIMESET; do TIME_ABS=`cbq_time2abs $TIME_NOW` ### Split TIME rule to pieces TIMESPEC=${timerule%%;*}; PARAMS=${timerule##*;} WEEKDAYS=${TIMESPEC%%/*}; INTERVAL=${TIMESPEC##*/} BEG_TIME=${INTERVAL%%-*}; END_TIME=${INTERVAL##*-}
### Check the day-of-week (if present) [ "$WEEKDAYS" != "$INTERVAL" -a \ -n "${WEEKDAYS##*$TIME_DOW*}" ] && continue
### Compute interval boundaries BEG_ABS=`cbq_time2abs $BEG_TIME` END_ABS=`cbq_time2abs $END_TIME`
### Midnight wrap fixup if [ $BEG_ABS -gt $END_ABS ]; then [ $TIME_ABS -le $END_ABS ] && TIME_ABS=$[TIME_ABS + 24*60]
END_ABS=$[END_ABS + 24*60] fi
### If the time matches, remember params and set MATCH flag if [ $TIME_ABS -ge $BEG_ABS -a $TIME_ABS -lt $END_ABS ]; then TMP_RATE=${PARAMS%%/*}; PARAMS=${PARAMS#*/} TMP_WGHT=${PARAMS%%/*}; TMP_PEAK=${PARAMS##*/}
[ "$TMP_PEAK" = "$TMP_WGHT" ] && TMP_PEAK="" TMP_PEAK=${TMP_PEAK:+peakrate $TMP_PEAK}
MATCH=1 fi done ### timerule
cbq_load_class $CBQ_PATH $classfile
### Get current RATE of CBQ class RATE_NOW=`tc class show dev $DEVICE| sed -n \ "/cbq 1:$CLASS / { s/.*rate //; s/ .*//; p; q; }"` [ -z "$RATE_NOW" ] && continue
### Time interval matched if [ $MATCH -ne 0 ]; then
### Check if there is any change in class RATE if [ "$RATE_NOW" != "$TMP_RATE" ]; then NEW_RATE="$TMP_RATE" NEW_WGHT="$TMP_WGHT" NEW_PEAK="$TMP_PEAK" CHANGE=1 fi
### Match not found, reset to default RATE if necessary elif [ "$RATE_NOW" != "$RATE" ]; then NEW_WGHT="$WEIGHT" NEW_RATE="$RATE" NEW_PEAK="$PEAK" CHANGE=1 fi
### If there are no changes, go for next class [ $CHANGE -eq 0 ] && continue
### Replace CBQ class tc class replace dev $DEVICE classid 1:$CLASS cbq \ bandwidth $BANDWIDTH rate $NEW_RATE weight $NEW_WGHT prio $PRIO \ allot 1514 cell 8 maxburst 20 avpkt 1000 $BOUNDED $ISOLATED
### Replace leaf qdisc (if any) if [ "$LEAF" = "tbf" ]; then tc qdisc replace dev $DEVICE handle $CLASS tbf \ rate $NEW_RATE buffer $BUFFER limit $LIMIT mtu $MTU $NEW_PEAK fi
cbq_message "$TIME_NOW: class $CLASS on $DEVICE changed rate ($RATE_NOW -> $NEW_RATE)" done ### class file ;;
############################################################################# ################################## THE REST ################################# #############################################################################
stop) cbq_off ;;
list) cbq_show ;;
stats) cbq_show -s ;;
restart) shift $0 stop $0 start "$@" ;;
*) echo "Usage: `basename $0` {start|compile|stop|restart|timecheck|list|stats}" esac
|
Примерен код | #MY cbq.init
DEVICE=eth0,100Mbit,10Mbit RATE=40Kbit WEIGHT=4Kbit PRIO=5 RULE=192.168.0.2,
|
Примерен код | #MY cbq.init
DEVICE=eth1,100Mbit,10Mbit RATE=40Kbit WEIGHT=4Kbit PRIO=5 RULE=192.168.0.2
|
ето това е всичко
|
|
|
11
|
Linux секция за начинаещи / Настройка на програми / отново CBQ
|
-: Jul 28, 2004, 00:08
|
та значи пускам ./cbq.init compile - минава идеално ./cbq.init start - казва Примерен код | FATAL: Module sch_cbq already in kernel. **CBQ: failed to load module sch_cbq
|
модула не е компилиран в кърнъла ,а той си го е заредил (cbq.init-a) и казва това ?!?!?
./cbq.init list
Примерен код | ### eth0: queueing disciplines
qdisc pfifo_fast 0: [Unknown qdisc, optlen=20]
### eth1: queueing disciplines
qdisc pfifo_fast 0: [Unknown qdisc, optlen=20]
|
къде е проблема ?
|
|
|
14
|
Linux секция за начинаещи / Настройка на програми / Traffic Shaper
|
-: Jul 21, 2004, 15:33
|
Цитат (ivanatora @ Юли 21 2004,11:54) | ги бухаш в /etc/sysconfig/cbq (ако не си указал друга папка в скрипта) и правиш cbq.init compile cbq.init start cbq.init list Ако последното ти изкара редове с правила значи е добре. Дерзай '> |
зa какъв скрипт става въпрос нещо хич ме няма
|
|
|
15
|
Linux секция за начинаещи / Настройка на програми / Проблем със Samba
|
-: Jul 20, 2004, 17:01
|
най-просто
добави един ред hosts deny = ALL над реда hosts allow а след = на hosts allow опиши мрежата или всеки хост КОЙТО ЩЕ ИМА ДОСТЪП.
да речем ,че САМО искаш 192.168.1.0/24 да има достъп
тогава hosts deny = ALL hosts allow = 192.168.1.0/24
по този начин забраняваш всични(hosts deny = ALL) освен 192.168.1.0/24(hosts allow = 192.168.1.0/24)
|
|
|
|