Linux – vsftpd whitelisting


How do you whitelist IPs for the service to allow only certain subnets on? Do I use IPTables, or is there an easier way like IPWrappers? Do you have to register the service for it to work with IPWrappers (hosts.allow)?

Best Answer

If your vsftpd has been compiled with tcp_wrappers support, then you can use it if you turn on the vsftpd configuration option


If enabled, and vsftpd was compiled with tcp_wrappers support, incoming connections will be fed through tcp_wrappers access control. Furthermore, there is a mechanism for per-IP based configuration. If tcp_wrappers sets the VSFTPD_LOAD_CONF environment variable, then the vsftpd session will try and load the vsftpd configuration file specified in this variable.

You can then use the standard hosts.allow and hosts.deny files.

You can check to see if your vsftpd has been compiled with libwrap support like so:

ldd /usr/sbin/vsftpd | grep wrap
 => /lib64/ (0x00002ae164bb6000)
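The following is an added example, not part of the original answer: a default-deny subnet whitelist for vsftpd built from the files the answer names. The subnets, the per-IP address, and the per-IP configuration file name are constructed placeholders, and the vsftpd.conf path varies by distribution.

```conf
# --- /etc/vsftpd.conf (some distributions use /etc/vsftpd/vsftpd.conf) ---
# Feed every incoming connection through tcp_wrappers access control.
# Only honoured when the binary is linked against libwrap (see the ldd check).
tcp_wrappers=YES

# --- /etc/hosts.allow (consulted first; the first matching rule wins) ---
# Optional per-IP configuration through VSFTPD_LOAD_CONF. It must precede the
# subnet rule that would otherwise match the same client. The file name is
# hypothetical, and setenv requires a libwrap built with extended options.
#vsftpd: 192.0.2.10: setenv VSFTPD_LOAD_CONF /etc/vsftpd_tcp_wrap.conf

# Constructed example subnets in net/mask form.
vsftpd: 192.0.2.0/255.255.255.0
vsftpd: 198.51.100.0/255.255.255.128

# --- /etc/hosts.deny (consulted only when hosts.allow had no match) ---
# Refuse every other client of this daemon; without this line,
# unmatched clients are allowed by default.
vsftpd: ALL
```

Edits to hosts.allow and hosts.deny apply to the next incoming connection, while the vsftpd.conf change needs a restart of a standalone vsftpd. If the ldd check shows no libwrap line, these rules are never consulted and the restriction has to be enforced elsewhere, for example with iptables.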