Limit SSH access using APF Εκτύπωση

  • 18

APF firewall can deny ALL connections for ssh and allow only a single or select few of IPs to connect to your server. We'll guide you through DENY ALL with APF firewall.

You want to deny all IPs to connect to shell/ssh on you server but only allow a select one or few to connect with APF firewall.

1) Login to your server as the root user.

2) cd /etc/apf

3) Use vi or nano to edit the /etc/apf/allow_hosts.rules file
EG: vi /etc/apf/allow_hosts.rules

4) Scroll down until after their last comment with the ##

Add the following in:


The d=22 part is the port, so you can repeat for other services as well to limit connections if you like.

Save the changes.

5) Edit the /etc/apf/deny_hosts.rules  file
EG: vi /etc/apf/deny_hosts.rules

Scroll down until the last default comment ## then below it add the following:

Article provided by
Save the changes.

Article provided by

6) Restart APF firewall
apf -r

Your server is now only allowing connections to the SSH service from one IP using APF. 

To add more than one IP repeat the steps in 4) adding a new tcp and out line for each IP.

Ήταν χρήσιμη αυτήν την απάντηση;

« Πίσω