@gnat
Last active January 31, 2023 13:03
ufw limit raise on ubuntu 22.04

Raise the default limit for ufw

Allows you to benefit from ufw's limit protection without being too restrictive.

tl;dr: increase --hitcount 6 to something larger in /etc/ufw/user.rules for your rule.

Example for SSH

  • Make the rule: ufw limit from YOUR_IP to any port 22 proto tcp
  • Increase limit
    • Quick and easy: sed -i 's/--seconds 30 --hitcount 6/--seconds 20 --hitcount 20/' /etc/ufw/user.rules
      • Optionally, only rules with YOUR_IP: sed -i '/YOUR_IP/s/--seconds 30 --hitcount 6/--seconds 20 --hitcount 20/' /etc/ufw/user.rules
    • Or, manually edit: nano /etc/ufw/user.rules
  • Apply the changes: systemctl restart ufw
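
The scoped edit from the steps above as a shell function, run against a constructed sample of user.rules rather than the live file. This is an added example, not part of the original gist: the function names and the sample addresses 203.0.113.7 and 203.0.113.70 are assumptions, and the rule layout is assumed to match what ufw writes for a limit rule with a source address.

```shell
#!/bin/sh
# Added example. Sample rules below are constructed, modelled on ufw's user.rules layout.
make_sample() {
    cat > "$1" <<'EOF'
### tuple ### limit tcp 22 0.0.0.0/0 any 203.0.113.7 in
-A ufw-user-input -p tcp --dport 22 -s 203.0.113.7 -m conntrack --ctstate NEW -m recent --set
-A ufw-user-input -p tcp --dport 22 -s 203.0.113.7 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
-A ufw-user-input -p tcp --dport 22 -s 203.0.113.7 -j ufw-user-limit-accept
### tuple ### limit tcp 22 0.0.0.0/0 any 203.0.113.70 in
-A ufw-user-input -p tcp --dport 22 -s 203.0.113.70 -m conntrack --ctstate NEW -m recent --set
-A ufw-user-input -p tcp --dport 22 -s 203.0.113.70 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
-A ufw-user-input -p tcp --dport 22 -s 203.0.113.70 -j ufw-user-limit-accept
EOF
}

# raise_limit FILE IP SECONDS HITCOUNT
# Rewrites --seconds/--hitcount only on rule lines whose source is exactly IP,
# keeps FILE.bak, and prints how many lines matched and were rewritten.
raise_limit() {
    file=$1 ip=$2 secs=$3 hits=$4
    # Only digits may be spliced into the sed replacement.
    for n in "$secs" "$hits"; do
        case $n in ''|*[!0-9]*) echo "seconds/hitcount must be integers" >&2; return 2 ;; esac
    done
    # Only address characters may be spliced into the sed/grep pattern.
    case $ip in ''|*[!0-9A-Fa-f.:]*) echo "bad IP: $ip" >&2; return 2 ;; esac
    # Escape dots; the spaces around the address stop 203.0.113.7 matching 203.0.113.70.
    ip_re=$(printf '%s' "$ip" | sed 's/\./\\./g')
    limit_re='--seconds [0-9][0-9]* --hitcount [0-9][0-9]*'
    count=$(grep -- " -s $ip_re " "$file" | grep -c -- "$limit_re" || :)
    sed -i.bak "/ -s $ip_re /s/$limit_re/--seconds $secs --hitcount $hits/" "$file" || return 1
    echo "$count"
}

# Demo on a temporary copy, never on /etc/ufw/user.rules itself.
demo=$(mktemp)
make_sample "$demo"
echo "lines changed: $(raise_limit "$demo" 203.0.113.7 20 20)"
grep -- '--hitcount' "$demo"
rm -f "$demo" "$demo.bak"
```

On a real host, call raise_limit as root with /etc/ufw/user.rules as FILE, then apply with systemctl restart ufw as in the last step.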

Why?

The default rate limit of 6 connections per 30 seconds will cause "random disconnect" issues with PyInfra, Ansible, rsync, etc. as many of these agent-free systems rely on 1 SSH connection per command.

Take note, Canonical.
