APF Deny ALL for SSH - Limit IP Connections
The APF firewall can deny ALL connections to SSH and allow only a single IP, or a select few IPs, to connect to your server. We'll guide you through DENY ALL with APF firewall.
PROBLEM:
You want to deny all IPs from connecting to shell/SSH on your server and allow only one or a select few to connect, using APF firewall.
APF SOLUTION:
1) Login to your server as the root user.
2) cd /etc/apf
3) Use vi or nano to edit the /etc/apf/allow_hosts.rules file
EG: vi /etc/apf/allow_hosts.rules
4) Scroll down past the last default comment (the lines starting with ##).
Add the following:
tcp:in:d=22:s=YOURHOMEIPHERE
out:d=22:d=YOURHOMEIPHERE
The d=22 part is the port, so you can repeat these lines with a different port number to limit connections to other services as well.
Save the changes.
5) Edit the /etc/apf/deny_hosts.rules file
EG: vi /etc/apf/deny_hosts.rules
Scroll down to the last default ## comment, then add the following below it:
tcp:in:d=22:s=0/0
out:d=22:d=0/0
Save the changes.
6) Restart APF firewall
apf -r
Your server now only allows connections to the SSH service from one IP using APF. To add more than one IP, repeat step 4), adding a new tcp and out line for each IP.
Cheers
Steve
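A pre-restart check for the procedure above, added here as an example and not part of the original article: it generates the step 4 line pair for each IP and confirms that a given client IP has an allow line before the deny-all from step 5 takes effect. The function names are hypothetical, the rule files are passed as arguments, and the demo runs on constructed temporary files with documentation addresses.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are illustrative.

# valid_ipv4 ADDR: succeeds only for a dotted quad with every octet in 0-255.
valid_ipv4() (
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    IFS=.; set -- $1
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
)

# ssh_rules PORT IP...: prints the step 4 line pair for each IP.
ssh_rules() (
    port=$1; shift
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "bad IP: $ip" >&2; return 1; }
        printf 'tcp:in:d=%s:s=%s\nout:d=%s:d=%s\n' "$port" "$ip" "$port" "$ip"
    done
)

# lockout_check ALLOW_FILE DENY_FILE PORT CLIENT_IP
#   0 = deny-all present and CLIENT_IP has its own allow line
#   1 = deny-all present but CLIENT_IP is missing from ALLOW_FILE (lockout risk)
#   2 = no deny-all line for PORT, so the port is not restricted
# Matches whole lines exactly, i.e. only entries written as in steps 4 and 5.
lockout_check() (
    allow=$1 deny=$2 port=$3 ip=$4
    grep -qxF "tcp:in:d=$port:s=0/0" "$deny" || return 2
    grep -qxF "tcp:in:d=$port:s=$ip" "$allow" || return 1
)

# Constructed demo on temporary copies (RFC 5737 documentation addresses).
tmp=$(mktemp -d)
ssh_rules 22 203.0.113.10 198.51.100.7 > "$tmp/allow_hosts.rules"
printf 'tcp:in:d=22:s=0/0\nout:d=22:d=0/0\n' > "$tmp/deny_hosts.rules"
for ip in 203.0.113.10 192.0.2.99; do
    if lockout_check "$tmp/allow_hosts.rules" "$tmp/deny_hosts.rules" 22 "$ip"
    then echo "$ip: allowed, safe to run apf -r"
    else echo "$ip: would be locked out of port 22"
    fi
done
rm -rf "$tmp"
```

On the server, pass /etc/apf/allow_hosts.rules, /etc/apf/deny_hosts.rules and `${SSH_CLIENT%% *}` (the client address sshd records for your session) before running apf -r, and keep the current session open until a new connection succeeds.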
By: ramprage | Date: February 6, 2007