ufw question
Paul Johnson
pauljohn32 at gmail.com
Mon Dec 1 06:16:41 UTC 2008
On Sun, Nov 30, 2008 at 12:56 AM, howard chen <howachen at gmail.com> wrote:
> Hello,
>
> How to block all access to ssh, but allow a specific IP range using ufw?
>
> Currently I am using...
>
> sudo ufw enable
> sudo ufw default deny
> ufw allow proto tcp from 221.124.0.0 to 221.127.255.255 port 6000
>
> I only want the IP range from 21.124.0.0 to 221.127.255.255 to access my
> sshd listening on port 6000. However, the above rules seem not to be
> working and I can't access my sshd.
>
> Any idea?
I'd consider going at it the old-fashioned way. ssh reads
/etc/hosts.deny and /etc/hosts.allow. If you tighten up hosts.deny to
reject everything, then only allow in a specific place in hosts.allow,
it solves the problem. No need to mess with firewall details. I've
been doing it that way a long time, before iptables was in the kernel.
Optionally, this can integrate with denyhosts, which will monitor
systems that try to break in and add them to a list of systems to be
blocked.
http://pj.freefaculty.org/blog/?p=35
--
Paul E. Johnson
Professor, Political Science
1541 Lilac Lane, Room 504
University of Kansas
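
The hosts.deny / hosts.allow approach from the reply above, as an added example that is not part of the original message: it converts the 221.124.0.0 to 221.127.255.255 range from the question into the network/netmask form that TCP wrappers reads and, for comparison, the CIDR form that ufw accepts as a source. It assumes sshd is built with TCP wrappers (libwrap) support; the function names and sample client addresses are constructed for illustration.

```python
import ipaddress


def range_to_networks(first, last):
    """Collapse an inclusive first-last IPv4 range into the fewest CIDR blocks."""
    return list(ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))


def wrapper_rules(daemon, networks):
    """Return (hosts.deny text, hosts.allow text): deny all, then allow-list."""
    deny = f"{daemon}: ALL\n"
    # network/netmask is the classic tcp_wrappers address pattern
    allow = "".join(
        f"{daemon}: {n.network_address}/{n.netmask}\n" for n in networks)
    return deny, allow


def ufw_rules(networks, port):
    """Equivalent ufw commands: the source is a CIDR block, 'to any' is the destination."""
    return [f"ufw allow proto tcp from {n} to any port {port}" for n in networks]


def is_allowed(client, networks):
    """Check whether a client address falls inside any allowed network."""
    addr = ipaddress.ip_address(client)
    return any(addr in n for n in networks)


if __name__ == "__main__":
    nets = range_to_networks("221.124.0.0", "221.127.255.255")
    deny, allow = wrapper_rules("sshd", nets)
    print("/etc/hosts.deny:\n" + deny)
    print("/etc/hosts.allow:\n" + allow)
    print("\n".join(ufw_rules(nets, 6000)))
    # Constructed sample clients: inside the range, just past it, and outside it
    for client in ("221.125.10.7", "221.128.0.1", "21.124.0.5"):
        print(client, "allowed" if is_allowed(client, nets) else "denied")
```

A range that does not fall on a power-of-two boundary produces several networks, and each one becomes its own hosts.allow line and ufw rule.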