ufw question

Paul Johnson pauljohn32 at gmail.com
Mon Dec 1 06:16:41 UTC 2008

On Sun, Nov 30, 2008 at 12:56 AM, howard chen <howachen at gmail.com> wrote:
> Hello,
> How to block all access to ssh, but allow a specific IP range using ufw?
> Currently I am using...
> sudo ufw enable
> sudo ufw default deny
> ufw allow proto tcp from to port 6000
> I only want IP range from to to access my
> sshd listening on port 6000. However, the above rules seem not to be
> working and I can't access my sshd.
> Any idea?

I'd consider going at it the old-fashioned way.  ssh reads
/etc/hosts.deny and /etc/hosts.allow.  If you tighten up hosts.deny to
reject everything, then only allow in a specific place in hosts.allow,
it solves the problem.  No need to mess with firewall details.  I've
been doing it that way a long time, before iptables was in the kernel.
Optionally, this can integrate with denyhosts, which will monitor
systems that try to break in and add them to a list of systems to be
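
Added example, not part of the original message: a small Python model of the hosts.allow / hosts.deny lookup order described above, useful for checking which clients a pair of files would admit before relying on them. The file contents are constructed, 192.0.2.0/24 is a placeholder for the range missing from the question, and the model assumes an sshd built with TCP wrappers (libwrap) support and handles only IPv4 address patterns (no hostnames, no EXCEPT).

```python
import ipaddress

# Constructed sample files. sshd is matched by daemon name, so the listening
# port (6000 in the question) does not appear in either file.
HOSTS_DENY = "ALL: ALL\n"
HOSTS_ALLOW = "# only this range may reach sshd\nsshd: 192.0.2.0/255.255.255.0\n"

def parse(text):
    """Return (daemon_list, client_list) pairs from 'daemons : clients' lines."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        daemons, clients = line.split(":")[:2]   # ignore optional shell command
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, addr):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):        # prefix form, e.g. "192.0.2."
        return addr.startswith(pattern)
    if "/" in pattern:               # net/mask form with a dotted netmask
        return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern)
    return pattern == addr           # single address

def matches(rules, daemon, addr):
    return any(
        ("ALL" in daemons or daemon in daemons)
        and any(client_matches(p, addr) for p in clients)
        for daemons, clients in rules
    )

def access(daemon, addr, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """Lookup order: hosts.allow first, then hosts.deny, otherwise grant."""
    if matches(parse(allow), daemon, addr):
        return "granted"
    if matches(parse(deny), daemon, addr):
        return "denied"
    return "granted"   # no match in either file means the client gets in

if __name__ == "__main__":
    for ip in ("192.0.2.17", "198.51.100.5"):
        print(ip, access("sshd", ip))
    # Failure mode: with an empty hosts.deny everyone is admitted.
    print("198.51.100.5 with empty hosts.deny:",
          access("sshd", "198.51.100.5", deny=""))
```

Upstream OpenSSH removed libwrap support in release 6.7, so confirm the installed sshd is linked against libwrap (for example with `ldd` on the sshd binary) before depending on these files.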


