APF firewall can deny ALL connections for ssh and allow only a single or select few of IPs to connect to your server. We'll guide you through DENY ALL with APF firewall.
PROBLEM:
You want to deny all IPs to connect to shell/ssh on you server but only allow a select one or few to connect with APF firewall.
APF SOLUTION:
1) Login to your server as the root user.
2) cd /etc/apf
3) Use vi or nano to edit the /etc/apf/allow_hosts.rules file
EG: vi /etc/apf/allow_hosts.rules
4) Scroll down until after their last comment with the ##
Add the following in:
tcp:in:d=22:s=YOURHOMEIPHERE
out:d=22:d=YOURHOMEIPHERE
The d=22 part is the port, so you can repeat for other services as well to limit connections if you like.
Save the changes.
5) Edit the /etc/apf/deny_hosts.rules file
EG: vi /etc/apf/deny_hosts.rules
Scroll down until the last default comment ## then below it add the following:
tcp:in:d=22:s=0/0
out:d=22:d=0/0
Article provided by WebHostGear.com
Save the changes.
Article provided by WebHostGear.com
6) Restart APF firewall
apf -r
Your server is now only allowing connections to the SSH service from one IP using APF.
To add more than one IP repeat the steps in 4) adding a new tcp and out line for each IP.
