@devops-school
Last active November 14, 2024 09:34
List of Commands to Check, Add, Edit Firewall configuration of SSH in ubuntu

UFW (Uncomplicated Firewall) Commands --

1. Check UFW Status and Rules

sudo ufw status verbose # View current firewall status and rules, including default policies
sudo ufw status # Check whether UFW is active
sudo ufw status numbered # List rules with their numbers (rule order matters: first match wins)

2. Allow SSH on Port 22

sudo ufw allow 22/tcp # Allow SSH (port 22) from any IP
sudo ufw allow from x.x.x.x to any port 22 proto tcp # Allow SSH from a specific IP only (replace x.x.x.x with the IP or CIDR)

3. Limit SSH Connections

sudo ufw limit 22/tcp # Allow SSH but rate-limit it: UFW denies a source IP that opens 6 or more new connections within 30 seconds (fixed default, not configurable per rule)

4. Deny SSH Access

sudo ufw deny 22/tcp # Deny all incoming SSH connections
sudo ufw deny from x.x.x.x to any port 22 # Deny SSH from a specific IP (add it before any broader allow rule, or it never matches)

5. Delete UFW Rules for SSH

sudo ufw delete allow 22/tcp # Delete the SSH allow rule
sudo ufw delete limit 22/tcp # Delete the SSH limit rule
sudo ufw delete [rule_number] # Delete any rule by its number from "ufw status numbered"

iptables Commands --

1. Check iptables Rules

sudo iptables -L -v -n --line-numbers # List all iptables rules with line numbers
sudo iptables -L -v -n | grep dpt:22 # Filter for SSH-specific rules

2. Allow SSH on Port 22

sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT # Allow SSH access from any IP
sudo iptables -A INPUT -p tcp -s x.x.x.x --dport 22 -j ACCEPT # Allow SSH from a specific IP

Note: -A appends to the end of the chain, and iptables stops at the first matching rule. If an earlier INPUT rule already drops or rejects port 22 traffic, an appended ACCEPT never matches; use -I INPUT 1 instead to insert it at the top.

3. Limit SSH Connections to Prevent Brute Force

sudo iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set # Record each new SSH connection per source IP
sudo iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 300 --hitcount 11 -j DROP # Drop the 11th and later new connections from that IP within 300 seconds

This limits each source IP to 10 new SSH connections per 5 minutes. It counts TCP connection attempts (SYNs), not failed logins, so it slows brute force but does not replace fail2ban or key-only authentication. Both rules must come before the general ACCEPT for port 22 from step 2; if that rule is already in the chain, these appended rules never see any traffic. The `-m state` match is deprecated in favour of `-m conntrack --ctstate NEW`, which behaves the same way here.

4. Deny SSH Access

sudo iptables -A INPUT -p tcp --dport 22 -j DROP # Block SSH access from all IPs
sudo iptables -A INPUT -p tcp -s x.x.x.x --dport 22 -j DROP # Block SSH from a specific IP

5. Delete iptables Rules for SSH

sudo iptables -L INPUT -v -n --line-numbers # List INPUT rules with line numbers for deletion
sudo iptables -D INPUT [line_number] # Delete a specific rule by line number (numbers shift after each deletion, so re-list before deleting another)

6. Save iptables Rules to Make Them Persistent

sudo apt-get install iptables-persistent # Install iptables-persistent if not installed (the installer offers to save the current rules)
sudo netfilter-persistent save # Save the current iptables rules to /etc/iptables/rules.v4 so they are restored on reboot
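The iptables steps above combined into one function that gets the ordering right and can be re-run without piling up duplicate rules. This is an added example, not part of the gist: it builds the rules in a dedicated chain (flushed and rebuilt on every run) and hooks that chain into INPUT with a single jump inserted at position 1, so the rate limit cannot be bypassed by an earlier blanket ACCEPT and cannot be shadowed by an earlier DROP. The `IPT` variable, the chain name `SSH_IN`, the `--name SSH` list name and the admin network `203.0.113.0/24` (RFC 5737 documentation range) are assumptions for the example; set `IPT=echo` to print the commands instead of running them.

```shell
#!/bin/sh
# Added example (not from the gist): SSH rules from the steps above, in an
# order that works, rebuilt idempotently. IPT defaults to "sudo iptables";
# set IPT=echo to dry-run. Save with "sudo netfilter-persistent save" after.
IPT="${IPT:-sudo iptables}"
SSH_PORT="${SSH_PORT:-22}"

# ssh_firewall ADMIN_NETWORK
# ADMIN_NETWORK is an IP or CIDR (203.0.113.0/24 is a documentation-range
# placeholder) that is always accepted and never rate-limited.
ssh_firewall() {
    admin_net="$1"
    # Only digits, dots and a slash are allowed in the network argument.
    case "$admin_net" in
        *[!0-9./]*|"") echo "bad admin network: '$admin_net'" >&2; return 1 ;;
    esac

    # A dedicated chain: create it if missing, then flush it, so re-running
    # this function replaces the rule set instead of appending copies.
    $IPT -N SSH_IN 2>/dev/null || true
    $IPT -F SSH_IN

    # 1. Admin network: accepted before the limiter can see it.
    $IPT -A SSH_IN -s "$admin_net" -j ACCEPT

    # 2. Everyone else: record each new connection per source, then drop
    #    the 11th and later new connections in any 300-second window.
    #    Only SYNs (ctstate NEW) are counted; established traffic is not.
    $IPT -A SSH_IN -m conntrack --ctstate NEW -m recent --name SSH --set
    $IPT -A SSH_IN -m conntrack --ctstate NEW -m recent --name SSH \
         --update --seconds 300 --hitcount 11 -j DROP

    # 3. Anything that survived the limit (and all established traffic).
    $IPT -A SSH_IN -j ACCEPT

    # Hook the chain into INPUT. Delete a previous jump first (idempotent),
    # then insert at position 1 so no earlier INPUT rule shadows it.
    $IPT -D INPUT -p tcp --dport "$SSH_PORT" -j SSH_IN 2>/dev/null || true
    $IPT -I INPUT 1 -p tcp --dport "$SSH_PORT" -j SSH_IN
}
```

The per-source counters live in `/proc/net/xt_recent/SSH`, which is a convenient place to check who is currently being dropped; a source becomes eligible again once fewer than 11 of its recorded hits fall inside the last 300 seconds. Because `--update` refreshes the timestamp on every new attempt, a client that keeps hammering stays blocked for as long as it keeps trying.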
