Suhosin Install Guide Published: Mar 19, 2007
APF firewall can deny ALL connections for ssh and allow only a single or select few of IPs to connect to your server. We'll guide you through DENY ALL with APF firewall.

APF Deny ALL for SSH - Limit IP Connections

PROBLEM:
You want to deny all IPs from connecting to shell/SSH on your server, and allow only one or a select few to connect, using APF firewall.

APF SOLUTION:
1) Log in to your server as the root user.

2) cd /etc/apf

3) Use vi or nano to edit the /etc/apf/allow_hosts.rules file
EG: vi /etc/apf/allow_hosts.rules

4) Scroll down past the last default comment (the lines starting with ##), then add the following below it:

tcp:in:d=22:s=YOURHOMEIPHERE
out:d=22:d=YOURHOMEIPHERE

The d=22 part is the port, so you can repeat for other services as well to limit connections if you like.

Save the changes.

5) Edit the /etc/apf/deny_hosts.rules file
EG: vi /etc/apf/deny_hosts.rules

Scroll down until the last default comment ## then below it add the following:

tcp:in:d=22:s=0/0
out:d=22:d=0/0

Save the changes.

6) Restart APF firewall
apf -r


Your server now allows connections to the SSH service from only one IP using APF. To allow more than one IP, repeat step 4), adding a new tcp and out line for each IP.
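A pre-flight check for the procedure above, as an added example that is not part of the original guide or of APF: it reads the two rule files in the format shown in steps 4) and 5) and reports a lockout risk when the deny-all line is present but no valid source IP is allowed. The function names valid_ipv4 and check_ssh_rules are hypothetical, and the demo rule files are constructed.

```shell
# Pre-flight check for the APF SSH rules above (added example, not part of APF).
# Status: 0 = OK, 1 = deny-all present with no valid allow entry, 2 = file missing.

# valid_ipv4 ADDR: true for a dotted-quad IPv4 address, optionally with /1-32.
valid_ipv4() {
    addr=${1%%/*}
    case $1 in */*)
        mask=${1#*/}
        case $mask in ''|*[!0-9]*|???*) return 1 ;; esac
        { [ "$mask" -ge 1 ] && [ "$mask" -le 32 ]; } || return 1 ;;
    esac
    case $addr in ''|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs   # split into octets
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# check_ssh_rules ALLOW_FILE DENY_FILE [PORT]
check_ssh_rules() {
    allow=$1; deny=$2; port=${3:-22}; good=0
    { [ -r "$allow" ] && [ -r "$deny" ]; } || { echo "rule file missing" >&2; return 2; }
    # Inbound allow entries use the page's format: tcp:in:d=PORT:s=SOURCE
    srcs=$(sed -n "s/^tcp:in:d=${port}:s=\(.*\)\$/\1/p" "$allow")
    while IFS= read -r src; do
        [ -n "$src" ] || continue
        if valid_ipv4 "$src"; then
            echo "allowed: $src"; good=$((good + 1))
        else
            echo "not a usable source address: $src" >&2   # e.g. YOURHOMEIPHERE left in
        fi
    done <<EOF
$srcs
EOF
    if grep -q "^tcp:in:d=${port}:s=0/0\$" "$deny" && [ "$good" -eq 0 ]; then
        echo "LOCKOUT RISK: port $port is denied to all and no valid allow entry exists" >&2
        return 1
    fi
}

# Constructed demo input; 203.0.113.10 is a documentation-range address.
demo=$(mktemp -d)
printf 'tcp:in:d=22:s=203.0.113.10\nout:d=22:d=203.0.113.10\n' > "$demo/allow_hosts.rules"
printf 'tcp:in:d=22:s=0/0\nout:d=22:d=0/0\n' > "$demo/deny_hosts.rules"
check_ssh_rules "$demo/allow_hosts.rules" "$demo/deny_hosts.rules"
rm -rf "$demo"
```

Run it against /etc/apf/allow_hosts.rules and /etc/apf/deny_hosts.rules before apf -r, and keep your current root session open until a second login from the allowed IP succeeds.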

Cheers

Steve




Comments (5)

  • ogy 07:14, May 6, 2007
    Does it work on cPanel servers with phpsuexec?
  • Steve 15:44, May 17, 2007
    Yes Suhosin works on cPanel servers with PHPSuexec
  • hassson 00:43, June 17, 2007
    I added

    include_path = ".:/usr/lib/php:/usr/local/lib/php:/usr/lib/php/extensions:/usr/lib/php/extensions/no-debug-non-zts-20020429:" ;

    And when I add

    extension_dir = /usr/lib/php/extensions/no-debug-non-zts-20020429/ ; directory in which the loadable extensions (modules) reside

    Httpd Failed
  • Mohammed ALHAJRI 22:24, July 11, 2007
    Hi,

    Good information and thank you for that :)

    I have installed it and everything is OK; I just want to know how I can make an error page that appears when any user uploads some dangerous file, e.g. r57.php and c99.php

    Can you tell me where I should change?

    Best Regards
  • Intasar 05:40, May 28, 2011
    Thank you very much, the advanced configuration ++++++Reputation. You saved people loads of time.

    Thanks again.
