APF Deny ALL for SSH Limit IP Connections Published: Feb 06, 2007
  • Rating

    4/5

Have a user that keeps hammering your FTP or trying to login over and over and over again that you just want to ban and never see again? We'll show a quick and dirty method to ban an IP address from the server.

Have a user that keeps hammering your FTP or trying to login over and over and over again that you just want to ban and never see again? We'll show a quick and dirty method to ban an IP address from the server.

We commonly receive questions like:
"I would like to ban that ip address to prevent the access to the server.

how can i ban that Ip address from the server?"

Simple!

1) Login to the server as and su  - to root.

2) If you are running iptables, you can enter:

iptables -A INPUT -s <IP> -j DROP

3) If you have APF firewall installed

apf -d <ip>

4) When you reboot this IP ban will be removed, meaning the IP will no longer be banned anymore.
If you have APF you can get around this by opening the deny hosts file.

pico /etc/apf/deny_hosts.rules

Scroll to the bottom and paste in the IP address.
Ctrl+X then Y to save the changes and exit.

5) Restart APF
/etc/apf/apf -r

  • Rating

    4/5

Related Articles

Comments (3)

  • Gravatar - Linux Uruguay
    Linux Uruguay 19:52, February 18, 2007
    That can be easly done using /etc/hosts.allow and only accepting ssh :<br />
    <br />
    sshd : YOUR_IP_HERE<br />
    <br />
    Then just put:<br />
    <br />
    ALL : ALL at the /etc/hosts.deny, of course IP must be listed at the /etc/apf/allow.. file.<br />
    <br />
    Keep working, this site have nice tutorials.
  • Gravatar - sandy
    sandy 16:50, April 12, 2007
    Always helpfull :)<br />
    <br />
    cheers :)
  • Gravatar - Ryan
    Ryan 19:35, June 9, 2007
    You can simply remove port 22 from the IG_TCP_CPORTS then add your allow_hosts.rules entries. The rules into deny_hosts.rules are not needed as since port 22 is not open in the common ports variable IG_TCP_CPORTS, it will be denied implicitly.

Add Your Thoughts

WebHostGear.com is a hosting directory, not a web host.

Copyright © 1998-2018 WebHostGear.com