pauljohn32 at gmail.com
Mon Dec 1 06:16:41 UTC 2008
On Sun, Nov 30, 2008 at 12:56 AM, howard chen <howachen at gmail.com> wrote:
> How to block all access to ssh, but allow a specific IP range using ufw?
> Currently I am using...
> sudo ufw enable
> sudo ufw default deny
> ufw allow proto tcp from 220.127.116.11 to 18.104.22.168 port 6000
> I only want IP range from 22.214.171.124 to 126.96.36.199 to access my
> sshd listening on port 6000. However, the above rules seem not to be
> working and I can't access my sshd.
> Any idea?
I'd consider going at it the old-fashioned way. ssh reads
/etc/hosts.deny and /etc/hosts.allow. If you tighten up hosts.deny to
reject everything, then only allow in a specific place in hosts.allow,
it solves the problem. No need to mess with firewall details. I've
been doing it that way a long time, before iptables was in the kernel.
Optionally, this can integrate with denyhosts, which will monitor
systems that try to break in and add them to a list of systems to be
Paul E. Johnson
Professor, Political Science
1541 Lilac Lane, Room 504
University of Kansas