APF Deny ALL for SSH Limit IP Connections Published: Feb 06, 2007

• Rating

  4/5

APF firewall can deny ALL connections for ssh and allow only a single or select few of IPs to connect to your server. We'll guide you through DENY ALL with APF firewall.

APF Deny ALL for SSH - Limit IP Connections

APF firewall can deny ALL connections for ssh and allow only a single or select few of IPs to connect to your server. We'll guide you through DENY ALL with APF firewall.

PROBLEM:
You want to deny all IPs to connect to shell/ssh on you server but only allow a select one or few to connect with APF firewall.

APF SOLUTION:
1) Login to your server as the root user.

2) cd /etc/apf

3) Use vi or nano to edit the /etc/apf/allow_hosts.rules file
EG: vi /etc/apf/allow_hosts.rules

4) Scroll down until after their last comment with the ##

Add the following in:

tcp:in:d=22:s=YOURHOMEIPHERE
out:d=22:d=YOURHOMEIPHERE

The d=22 part is the port, so you can repeat for other services as well to limit connections if you like.

Save the changes.

5) Edit the /etc/apf/deny_hosts.rules  file
EG: vi /etc/apf/deny_hosts.rules

Scroll down until the last default comment ## then below it add the following:

tcp:in:d=22:s=0/0
out:d=22:d=0/0

Save the changes.

6) Restart APF firewall
apf -r


Your server is now only allowing connections to the SSH service from one IP using APF.  To add more than one IP repeat the steps in 4) adding a new tcp and out line for each IP.

Cheers

Steve