Some Initial MPLS Reading

January 18th, 2012

I mentioned on Twitter yesterday that I was doing some basic/introductory reading on MPLS, and someone asked what materials I was using. While I’m still very early in the process of trying to understand MPLS, I thought I might share the resources I’ve used so far in trying to wrap my head around MPLS, what it is, and the basics of how it works.

Here are some of the sites I’ve used so far:

MPLS Terminology
MPLS VPN terminology
MPLS Basics – LSR Terminology
Cisco Nexus 7000 Series NX-OS MPLS Configuration Guide
MPLS, Multi-Protocol Label Switching

As you can see, right now I’m focusing on what I call the grammar—that is, the day-to-day terminology and acronyms that are prevalent throughout any and all discussions of MPLS. Being able to recognize and know what an LSR is or what label imposition means is important and prepares me for future stages of learning. (Some people may recognize my use of “grammar” here as taken from the classical education approach.)

Even based on my limited reading so far, I’m beginning to get an idea of why MPLS can be so useful—and why MPLS can be complex. I’m looking forward to continuing my MPLS education. Resources and recommended reading are welcome in the comments!

 

PXE Booting VMware ESX 4.0

January 18th, 2012

I recently had the opportunity to work on a proof of concept (PoC) in which we wanted to help a customer streamline the processes needed to deploy new hosts and reduce the amount of time it took overall. One of the tools we used in the PoC for this purpose was PXE booting VMware ESX for an automated installation. Here are the details on how we made this work.

Before I get into the details, I’ll provide this disclaimer: there are probably easier ways of making this work. I specifically didn’t use UDA or similar because I wanted to gain the experience of how to do this the “old fashioned” way. I also wanted to be able to walk the customer through the “old fashioned” way and explain all the various components.

With that in mind, here are the components you’ll need to make this work:

  1. You’ll need a DHCP server to pass down the PXE boot information. In this particular instance, I used an existing Windows-based DHCP server. Any DHCP server should work; feel free to use the Linux ISC DHCP server if you prefer.
  2. You’ll need an FTP server to host the kickstart script and VMware ESX 4.0 Update 1 installation files. In this case, I used a third-party FTP server running on the same Windows-based server as DHCP. Again, feel free to use a Linux-based FTP server if you prefer.
  3. You will need a TFTP server to provide the boot files. The third-party FTP server used in the previous step also provided TFTP functionality. Use whatever TFTP server you prefer.

Make sure that each of these components is working as expected before proceeding. Otherwise, you’ll spend time troubleshooting problems that aren’t immediately apparent.

Preparing for the Automated ESX Installation

First, copy the contents for the VMware ESX 4.0 Update 1 DVD—not the actual ISO, but the contents of the ISO—to a directory on the FTP server. Test it to make sure that the files can be accessed via an anonymous FTP user.

Also go ahead and create a simple kickstart script that automates the installation of VMware ESX. I won’t bother to go into detail on this step here; it’s been quite adequately documented elsewhere. You’ll need to put this kickstart script on the FTP server as well.

At this point, you’re ready to proceed with gathering the PXE boot files.

Gathering the PXE Boot Files

The first task you’ll need to complete is gathering the necessary files for a PXE boot environment.

First, copy the vmlinuz and initrd.img files from the VMware ESX 4.0 Update 1 ISO image. Since I use a Mac, for me this was a simple case of mounting the ISO image and copying out the files I needed. Linux or Windows users, it might be a bit more complicated for you. These files, by the way, are in the ISOLINUX folder on the DVD image.

Next, you’ll need the PXE boot files. Specifically, you’ll need the menu.c32 and pxelinux.0 files. These files are not on the DVD ISO image; you’ll have to download Syslinux from this web site. Once you download Syslinux, extract the files into a temporary directory. You’ll find menu.c32 in the com32/menu folder; you’ll find pxelinux.0 in the core folder. Copy both of these files, along with vmlinuz and initrd.img, into the root directory of the TFTP server. (If you don’t know the root directory of the TFTP server, double-check its configuration.)

You’re now ready to configure the PXE boot process.

Configuring the PXE Boot Environment

Once the necessary files have been placed into the root directory of the TFTP server, you’re ready to configure the PXE boot environment. To do this, you’ll need to create a PXE configuration file on the TFTP server.

The file should be placed into a folder named pxelinux.cfg under the root of the TFTP server. The PXE configuration file should be named something like this:

01-<MAC address of network interface on host>

If the MAC address of the host was 01:02:03:04:05:06, the name of the text file in the pxelinux.cfg folder on the TFTP server would be:

01-01-02-03-04-05-06

The PoC in which I was engaged involved Cisco UCS, so we knew in advance what the MAC addresses were going to be (the MAC address is assigned in the UCS service profile).

The contents of this file should look something like this (lines have been wrapped here for readability and are marked by backslashes; don’t insert any line breaks in the actual file):

default menu.c32
menu title Custom PXE Boot Menu Title
timeout 30

label scripted
menu label Scripted installation
kernel vmlinuz
append initrd=initrd.img mem=512M ksdevice=vmnic0 \
ks=ftp://A.B.C.D/ks.cfg
IPAPPEND 1

You’ll want to replace ftp://A.B.C.D/ks.cfg with the correct IP address and path for the kickstart script on the FTP server.
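
The naming rule and file contents above, as an added shell example (not part of the original post): it normalises a MAC address to the pxelinux.cfg file name and writes the per-host file, rejecting anything that is not a well-formed MAC so the value can never become an unexpected path on the TFTP server. TFTP_ROOT, KS_URL and the function names are assumptions; pxelinux looks the file up using lowercase hex digits, so uppercase input is folded.

```sh
#!/bin/sh
# Added example, not code from the original post.
# Assumed settings: TFTP root directory and kickstart URL (placeholder from the post).
TFTP_ROOT=${TFTP_ROOT:-./tftproot}
KS_URL=${KS_URL:-ftp://A.B.C.D/ks.cfg}

# MAC (colon- or dash-separated, any case) -> pxelinux.cfg file name:
# ARP hardware type 01 (Ethernet), then lowercase hex octets joined by dashes.
pxe_cfg_name() {
    mac=$(printf '%s' "$1" | tr 'A-F:' 'a-f-')
    case "$mac" in
        *[!0-9a-f-]*) return 1 ;;      # stray characters, slashes, newlines
    esac
    printf '%s\n' "$mac" | grep -Eq '^([0-9a-f]{2}-){5}[0-9a-f]{2}$' || return 1
    printf '01-%s\n' "$mac"
}

# Write the per-host configuration file and print its path.
write_pxe_cfg() {
    name=$(pxe_cfg_name "$1") || { echo "bad MAC address: $1" >&2; return 1; }
    mkdir -p "$TFTP_ROOT/pxelinux.cfg"
    # The append line is written as one physical line, as the real file requires.
    cat > "$TFTP_ROOT/pxelinux.cfg/$name" <<EOF
default menu.c32
menu title Custom PXE Boot Menu Title
timeout 30

label scripted
menu label Scripted installation
kernel vmlinuz
append initrd=initrd.img mem=512M ksdevice=vmnic0 ks=$KS_URL
IPAPPEND 1
EOF
    printf '%s\n' "$TFTP_ROOT/pxelinux.cfg/$name"
}
```

Call `write_pxe_cfg 01:02:03:04:05:06` once per MAC address taken from the service profiles.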

Only one step remains: configuring the DHCP server.

Configuring the DHCP Server for PXE Boot

As I mentioned earlier, I used the Windows DHCP server as a matter of ease and convenience; feel free to use whatever DHCP server best suits your needs. There are only two options that are necessary for PXE boot:

066 Boot Server Host Name (specify the IP address of the TFTP server)
067 Bootfile Name (specify pxelinux.0)

In this particular example, I created reservations for each MAC address. Because the values were the same for all reservations, I used server-wide DHCP options, but you could use reservation-specific DHCP options if you wanted different boot options on a per-MAC address (i.e., per-reservation) basis.

The End Result

Recall that this PoC was using Cisco UCS blades. Thus, in this environment, to prepare for a new host coming online we only had to make sure that we had a PXE configuration file and create a matching DHCP reservation. The MAC address would get assigned via the service profile, and when the blade booted then it would automatically proceed with an unattended installation. Combined with Host Profiles in VMware vCenter, this took the process of bringing new ESX/ESXi hosts online down to mere minutes. A definite win for any customer!

 

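Bulk-blocking dangerous IP ranges [repost]

January 17th, 2012

Based on the dshield.org blacklist, you can get a pile of dangerous network ranges. Chinese IPs make up some of them, and I guess they are all compromised machines.
To keep these dangerous machines from attacking us, I decided to block these dangerous IP ranges (tested on Debian).
Of course, iptables can do this too, but in the face of high-volume attacks a null route is much lighter and does not consume large amounts of resources the way iptables does!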

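#!/bin/bash
# filename:  block_IPs.sh
# auth: baiqiuyi.com
set -o pipefail   # make $? below reflect a failed curl, not only awk
# Fetch the DROP list; keep the first column (the CIDR), skipping the header line.
curl "http://www.spamhaus.org/drop/drop.lasso" | awk 'NR>1{print $1}' > ip
if [ $? -eq 0 ]; then
    while read -r ip
    do
        # ipcalc prints Address and Netmask; sed turns them into
        # "route add -net <address> netmask <netmask> reject", which bash runs.
        /usr/bin/ipcalc "$ip" | sed -n '/Address/p;/Netmask/p' | sed -r 's/.*( ([0-9]{1,3}\.){3}[0-9]{1,3}).*/\1/' | sed 'N;s/\n/ netmask /g;s/^/route add -net/;s/$/ reject/' | bash
    done < ip
    rm -f ip
    exit 0
fi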

 

http://www.spamhaus.org/drop/drop.lasso

; Spamhaus DROP List 1/17/12 – (c) 2012 The Spamhaus Project
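
The same feed-to-null-route conversion with input validation, as an added example (not the original author's script): each line is checked against a strict CIDR pattern before any command text is built, over-broad prefixes are refused so a bad feed cannot null-route most of the address space, and the commands are printed for review instead of being piped into bash. MIN_PREFIX, the function names and the sample lines (documentation ranges, placeholder SBL ids) are assumptions.

```sh
#!/bin/sh
# Added example, not the original block_IPs.sh.
MIN_PREFIX=8   # assumption: refuse any entry broader than a /8
OCTET='(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])'
CIDR_RE="^($OCTET\.){3}$OCTET/([0-9]|[12][0-9]|3[0-2])\$"

# Prefix length (0-32) -> dotted netmask, so ipcalc is not needed.
prefix_to_netmask() {
    bits=$1; mask=""
    for i in 1 2 3 4; do
        if [ "$bits" -ge 8 ]; then octet=255; bits=$((bits - 8))
        else octet=$((256 - (1 << (8 - bits)))); bits=0
        fi
        mask="${mask:+$mask.}$octet"
    done
    printf '%s\n' "$mask"
}

# Read "a.b.c.d/len ; SBLnnn" lines on stdin; print one route command per
# valid entry on stdout and report rejected lines on stderr.
drop_to_routes() {
    while IFS= read -r line || [ -n "$line" ]; do
        cidr=$(printf '%s' "${line%%;*}" | tr -d ' \t\r')
        [ -n "$cidr" ] || continue            # header or comment-only line
        ok=1
        # Only digits, dots and one slash pass: no shell syntax from the
        # feed can reach the generated command.
        printf '%s\n' "$cidr" | grep -Eq "$CIDR_RE" || ok=0
        if [ "$ok" -eq 1 ]; then
            net=${cidr%/*}; len=${cidr#*/}
            [ "$len" -ge "$MIN_PREFIX" ] || ok=0
        fi
        if [ "$ok" -ne 1 ]; then
            echo "skipped: $line" >&2
            continue
        fi
        echo "route add -net $net netmask $(prefix_to_netmask "$len") reject"
    done
}

# Constructed sample input in the DROP list layout.
sample_feed() {
    cat <<'EOF'
; Spamhaus DROP List (constructed sample)
192.0.2.0/24 ; SBL000001
198.51.100.0/22 ; SBL000002
0.0.0.0/0 ; SBL000003
203.0.113.0/24$(true) ; SBL000004
203.0.113.999/24 ; SBL000005
EOF
}
```

Run `sample_feed | drop_to_routes` to see the two accepted routes and the three rejected lines; once reviewed, the output can be fed to `sh` as root.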

Restricting SSH logins on Linux from IPs outside Asia

January 17th, 2012

[root@cloud ~]# cat /etc/hosts.allow
#
# hosts.allow   This file describes the names of the hosts which are
#               allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
sshd:1.0.0.0/255.0.0.0:allow
sshd:14.0.0.0/255.0.0.0:allow
sshd:27.0.0.0/255.0.0.0:allow
sshd:36.0.0.0/255.0.0.0:allow
sshd:39.0.0.0/255.0.0.0:allow
sshd:42.0.0.0/255.0.0.0:allow
sshd:49.0.0.0/255.0.0.0:allow
sshd:58.0.0.0/255.0.0.0:allow
sshd:59.0.0.0/255.0.0.0:allow
sshd:60.0.0.0/255.0.0.0:allow
sshd:61.0.0.0/255.0.0.0:allow
sshd:101.0.0.0/255.0.0.0:allow
sshd:103.0.0.0/255.0.0.0:allow
sshd:106.0.0.0/255.0.0.0:allow
sshd:110.0.0.0/255.0.0.0:allow
sshd:111.0.0.0/255.0.0.0:allow
sshd:112.0.0.0/255.0.0.0:allow
sshd:113.0.0.0/255.0.0.0:allow
sshd:114.0.0.0/255.0.0.0:allow
sshd:115.0.0.0/255.0.0.0:allow
sshd:116.0.0.0/255.0.0.0:allow
sshd:117.0.0.0/255.0.0.0:allow
sshd:118.0.0.0/255.0.0.0:allow
sshd:119.0.0.0/255.0.0.0:allow
sshd:120.0.0.0/255.0.0.0:allow
sshd:121.0.0.0/255.0.0.0:allow
sshd:122.0.0.0/255.0.0.0:allow
sshd:123.0.0.0/255.0.0.0:allow
sshd:124.0.0.0/255.0.0.0:allow
sshd:125.0.0.0/255.0.0.0:allow
sshd:126.0.0.0/255.0.0.0:allow
sshd:169.208.0.0/255.240.0.0:allow
sshd:175.0.0.0/255.0.0.0:allow
sshd:180.0.0.0/255.0.0.0:allow
sshd:182.0.0.0/255.0.0.0:allow
sshd:183.0.0.0/255.0.0.0:allow
sshd:202.0.0.0/255.0.0.0:allow
sshd:203.0.0.0/255.0.0.0:allow
sshd:210.0.0.0/255.0.0.0:allow
sshd:211.0.0.0/255.0.0.0:allow
sshd:218.0.0.0/255.0.0.0:allow
sshd:219.0.0.0/255.0.0.0:allow
sshd:220.0.0.0/255.0.0.0:allow
sshd:221.0.0.0/255.0.0.0:allow
sshd:222.0.0.0/255.0.0.0:allow
sshd:223.0.0.0/255.0.0.0:allow

 

# cat /etc/hosts.deny
#
# hosts.deny This file describes the names of the hosts which are
# *not* allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow. In particular
# you should know that NFS uses portmap!
sshd:ALL

[root@cloud ~]# service sshd restart
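
A check worth running before relying on these two files, as an added example (not part of the original post): it evaluates `sshd:NET/MASK[:allow|deny]` rules with first-match-wins semantics and reports whether a given source address would be admitted, so you can confirm the address you administer from is covered before you lock yourself out. It assumes hosts.deny contains `sshd:ALL` as shown above; the function names and the sample addresses are constructed for illustration.

```sh
#!/bin/sh
# Added example, not code from the original post.

# Dotted quad -> 32-bit integer; fails on anything that is not four numbers.
ip_to_int() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# sshd_allowed ADDRESS < hosts.allow
# Returns 0 if the first matching sshd rule allows the address, 1 if a rule
# denies it or none matches (hosts.deny "sshd:ALL" then applies), 2 on bad input.
sshd_allowed() {
    addr=$(ip_to_int "$1") || return 2
    while IFS=: read -r daemon pattern action; do
        [ "$daemon" = "sshd" ] || continue      # skips comments and blank lines
        net=$(ip_to_int "${pattern%/*}") || continue
        mask=$(ip_to_int "${pattern#*/}") || continue
        if [ $((addr & mask)) -eq $((net & mask)) ]; then
            [ "${action:-allow}" = "allow" ] && return 0
            return 1
        fi
    done
    return 1
}

# Three rules copied from the hosts.allow listing above.
sample_rules() {
    cat <<'EOF'
# hosts.allow (excerpt)
sshd:1.0.0.0/255.0.0.0:allow
sshd:169.208.0.0/255.240.0.0:allow
sshd:223.0.0.0/255.0.0.0:allow
EOF
}
```

On the real host, run `sshd_allowed <your address> < /etc/hosts.allow` and check the exit status.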

Asia-Pacific IPv4 address table

December 31st, 2011

IPv4: APNIC allocates resources in the following ranges within the Asia Pacific region:

1.0.0.0/8
14.0.0.0/8
27.0.0.0/8
36.0.0.0/8
39.0.0.0/8
42.0.0.0/8
49.0.0.0/8
58.0.0.0/8
59.0.0.0/8
60.0.0.0/8
61.0.0.0/8
101.0.0.0/8
103.0.0.0/8
106.0.0.0/8
110.0.0.0/8
111.0.0.0/8
112.0.0.0/8
113.0.0.0/8
114.0.0.0/8
115.0.0.0/8
116.0.0.0/8
117.0.0.0/8
118.0.0.0/8
119.0.0.0/8
120.0.0.0/8
121.0.0.0/8
122.0.0.0/8
123.0.0.0/8
124.0.0.0/8
125.0.0.0/8
126.0.0.0/8
169.208.0.0/12
175.0.0.0/8
180.0.0.0/8
182.0.0.0/8
183.0.0.0/8

202.0.0.0/8
203.0.0.0/8
210.0.0.0/8
211.0.0.0/8
218.0.0.0/8
219.0.0.0/8
220.0.0.0/8
221.0.0.0/8
222.0.0.0/8
223.0.0.0/8

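Maintaining a Linux host over the serial port

December 30th, 2011

With a few simple settings, a Linux host can be maintained over a serial port just like a router or switch. The setup is recorded below.

1. Add to /etc/inittab:
co:2345:respawn:/sbin/agetty ttyS0 9600 vt100
then run init q so that init re-reads /etc/inittab.

2. Add to /etc/securetty:
ttyS0

3. Add to /etc/grub.conf:
console=ttyS0,9600 console=tty0
For example:
kernel /vmlinuz-2.6.18-8.1.8.el5 ro root=/dev/vg00/lv_root console=ttyS0,9600 console=tty0

For the serial cable, use an RS232 cable with female connectors on both ends.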
