Allowing connections to the SSH service from one IP using APF
You want to deny all IPs from connecting to the shell/SSH service on your server, and allow only one or a select few to connect, using the APF firewall.
APF firewall can deny ALL connections for ssh and allow only a single or select few of IPs to connect to your server.
Login to your server as the root user.
cd /etc/apf
vi /etc/apf/allow_hosts.rules
Add the following in:
tcp:in:d=22:s=IP-ADDRESS
out:d=22:d=IP-ADDRESS
The d=22 part is the destination port and s=IP-ADDRESS is the source address being allowed, so you can repeat these lines for other services as well to limit connections if you like.
Save the changes.
vi /etc/apf/deny_hosts.rules
Add the following:
tcp:in:d=22:s=0/0
out:d=22:d=0/0
Save the changes.
Restart the APF firewall:
apf -r
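The steps above, generating the allow and deny lines for a port from a list of trusted addresses, as an added shell example that is not part of the original post or of APF itself. It assumes the rule syntax shown on the page (proto:flow:d=port:s=ip for inbound, out:d=port:d=ip for outbound), writes only to the two rules files under APF_DIR (default /etc/apf), validates each address before touching the files, skips lines that are already present so it can be re-run safely, and includes a lock-out guard that confirms the address you are administering from is in the allow list before you restart APF. The IP values in the usage comments are documentation addresses, not real hosts.

```shell
#!/bin/sh
# Added example (not from the original post or the APF project): build APF
# allow/deny rules that restrict one service port to a few trusted addresses.
# Assumption: APF_DIR is APF's config directory; rule syntax follows the page.

APF_DIR="${APF_DIR:-/etc/apf}"

# Accept a dotted-quad IPv4 address with an optional /mask
# (e.g. 203.0.113.10 or 198.51.100.0/24); reject anything else.
valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$' || return 1
    ip="${1%%/*}"
    oldifs="$IFS"; IFS=.
    set -- $ip            # split into octets
    IFS="$oldifs"
    for o in "$@"; do
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# Allow rules for one trusted address: inbound TCP to the port from that
# source, and outbound on the port back to it (mirrors the page's pair).
allow_rules() {
    printf 'tcp:in:d=%s:s=%s\n' "$1" "$2"
    printf 'out:d=%s:d=%s\n' "$1" "$2"
}

# Catch-all deny rules for the port, matching everything (0/0).
deny_rules() {
    printf 'tcp:in:d=%s:s=0/0\n' "$1"
    printf 'out:d=%s:d=0/0\n' "$1"
}

# Append a line to a rules file unless that exact line is already there.
append_unique() {
    grep -qxF -- "$1" "$2" 2>/dev/null || printf '%s\n' "$1" >> "$2"
}

# Restrict PORT to the given trusted addresses.
# Usage: restrict_port 22 203.0.113.10 198.51.100.0/24
restrict_port() {
    port="$1"; shift
    [ "$#" -ge 1 ] || { echo "restrict_port: need at least one trusted IP" >&2; return 2; }
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "restrict_port: invalid address '$ip'" >&2; return 2; }
    done
    for ip in "$@"; do
        allow_rules "$port" "$ip" | while IFS= read -r line; do
            append_unique "$line" "$APF_DIR/allow_hosts.rules"
        done
    done
    deny_rules "$port" | while IFS= read -r line; do
        append_unique "$line" "$APF_DIR/deny_hosts.rules"
    done
}

# Lock-out guard: succeeds only if MY_IP has an inbound allow rule on PORT.
# Usage: check_self_allowed 22 203.0.113.10 && apf -r
check_self_allowed() {
    grep -qxF -- "tcp:in:d=$1:s=$2" "$APF_DIR/allow_hosts.rules"
}
```

The script only edits the rules files; apply them afterwards with apf -r as in the step above, and run check_self_allowed with the address you are logged in from first, since the deny line covers 0/0 and will cut off any session whose source is not in the allow list.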