WebHostGear.com - the hosting resource for professionals
May 13, 2008

APF Deny ALL for SSH Limit IP Connections



By: ramprage


APF firewall can deny all SSH connections and allow only a single IP, or a select few, to connect to your server. This guide walks you through a DENY ALL setup with APF firewall.

PROBLEM:
You want to deny all IPs from connecting to shell/SSH on your server and allow only one or a select few to connect, using APF firewall.

APF SOLUTION:
1) Log in to your server as the root user.

2) cd /etc/apf

3) Use vi or nano to edit the /etc/apf/allow_hosts.rules file
EG: vi /etc/apf/allow_hosts.rules

4) Scroll down to just below the last default comment (the lines marked with ##) and add the following:

tcp:in:d=22:s=YOURHOMEIPHERE
out:d=22:d=YOURHOMEIPHERE

The d=22 part is the port, so you can repeat these lines with other port numbers to limit connections to other services as well.

Save the changes.

5) Edit the /etc/apf/deny_hosts.rules file
EG: vi /etc/apf/deny_hosts.rules

Scroll down until the last default comment ## then below it add the following:

tcp:in:d=22:s=0/0
out:d=22:d=0/0

Save the changes.

Article provided by WebHostGear.com

6) Restart APF firewall
apf -r


Your server now only allows connections to the SSH service from one IP using APF. To allow more than one IP, repeat step 4), adding a new tcp line and a new out line for each IP.

Cheers

Steve
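
An added example (not part of the original article or of APF itself): a shell script that generates the rule lines from steps 4 and 5 for several IPs and refuses to produce them when the address you are connected from is not in the allow list, so a typo cannot lock you out. The function names and sample addresses are assumptions made for illustration; SSH_CONNECTION is the variable sshd sets in a login session.

```sh
#!/bin/sh
# Added example: emit the APF rule lines from steps 4 and 5 for several IPs,
# with a guard against locking out the session you are working from.
SSH_PORT=22

# valid_ipv4 ADDR: succeed only for a dotted-quad IPv4 address.
valid_ipv4() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# allow_rules IP...: the two allow_hosts.rules lines (step 4) per address.
allow_rules() {
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "invalid IPv4 address: $ip" >&2; return 1; }
        printf 'tcp:in:d=%s:s=%s\nout:d=%s:d=%s\n' "$SSH_PORT" "$ip" "$SSH_PORT" "$ip"
    done
}

# deny_rules: the deny_hosts.rules lines (step 5).
deny_rules() {
    printf 'tcp:in:d=%s:s=0/0\nout:d=%s:d=0/0\n' "$SSH_PORT" "$SSH_PORT"
}

# build_rules CLIENT_IP IP...: print both rule sets, or fail with status 2
# when CLIENT_IP (the address you are connected from) is not in the list.
build_rules() {
    client=$1; shift
    listed=no
    for ip in "$@"; do
        if [ "$ip" = "$client" ]; then listed=yes; fi
    done
    if [ "$listed" != yes ]; then
        echo "refusing: $client is not in the allow list" >&2
        return 2
    fi
    allowed=$(allow_rules "$@") || return 1
    printf '## for /etc/apf/allow_hosts.rules\n%s\n' "$allowed"
    printf '## for /etc/apf/deny_hosts.rules\n%s\n' "$(deny_rules)"
}

# Demo with constructed documentation addresses (RFC 5737). On a live server
# the first argument would be "${SSH_CONNECTION%% *}", the connecting client.
build_rules 203.0.113.10 203.0.113.10 198.51.100.7
```

Paste the printed lines into the two files as in steps 4 and 5, then restart APF as in step 6.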




Comments / Feedback

Linux Uruguay
That can be easily done using /etc/hosts.allow and only accepting ssh:

sshd : YOUR_IP_HERE

Then just put:

ALL : ALL in /etc/hosts.deny; of course the IP must be listed in the /etc/apf/allow.. file.

Keep working, this site has nice tutorials.

sandy
Always helpful :)

cheers :)

Ryan
You can simply remove port 22 from IG_TCP_CPORTS, then add your allow_hosts.rules entries. The rules in deny_hosts.rules are not needed: since port 22 is not open in the common ports variable IG_TCP_CPORTS, it will be denied implicitly.
