SBDavid
Oct 22nd, 2009
Allowing connections to the SSH service from one IP using APF
You want to stop every IP from connecting to shell/SSH on your server and allow only one, or a select few, to connect, using the APF firewall.
APF can deny all connections to SSH and allow only a single IP, or a select few, to reach your server.
Log in to your server as the root user.
cd /etc/apf
vi /etc/apf/allow_hosts.rules
Add the following lines (replace IP-ADDRESS with the address you want to allow):
tcp:in:d=22:s=IP-ADDRESS
out:d=22:d=IP-ADDRESS
The d=22 part is the port, so you can repeat these lines with other port numbers to limit connections to other services as well.
Save the changes.
vi /etc/apf/deny_hosts.rules
Add the following:
tcp:in:d=22:s=0/0
out:d=22:d=0/0
Save the changes.
Restart the APF firewall:
apf -r
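The following POSIX shell functions are an added example, not part of the original post or of the APF project, that put the steps above into a repeatable form: they validate each trusted address, write the allow entries first (so the address you are connecting from is in place before the catch-all deny is added), and refuse to write anything if an address is malformed. The file paths and port are parameters; the real files on an APF host are the /etc/apf/allow_hosts.rules and /etc/apf/deny_hosts.rules named above, and the `restrict_port` and `valid_ipv4` names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post or from APF): build the
# allow/deny entries described above for a list of trusted addresses.
# File paths and port are parameters so the functions can be tried on
# scratch files before touching /etc/apf.

# Accept a dotted-quad IPv4 address, optionally with a /prefix (0-32).
valid_ipv4() {
    addr=${1%/*}
    prefix=${1#*/}
    [ "$prefix" = "$1" ] && prefix=32        # no "/" present: host address
    case $prefix in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Append a rule line to a file unless an identical line is already there,
# so running the procedure twice does not duplicate entries.
add_rule_once() {   # file rule
    grep -qxF -- "$2" "$1" 2>/dev/null || printf '%s\n' "$2" >> "$1"
}

# Emit the two allow entries from the post for one address: inbound tcp
# to the port from that address, and outbound on the port to that address.
allow_rules_for() {   # port addr
    printf 'tcp:in:d=%s:s=%s\n' "$1" "$2"
    printf 'out:d=%s:d=%s\n' "$1" "$2"
}

# restrict_port ALLOW_FILE DENY_FILE PORT ADDR [ADDR...]
# Writes allow entries for every ADDR, then the 0/0 deny entries.
# Nothing is written if any ADDR is malformed, so a typo cannot leave
# the deny rule in place with no matching allow.
restrict_port() {
    allow_file=$1; deny_file=$2; port=$3; shift 3
    [ $# -ge 1 ] || { echo "restrict_port: no addresses given" >&2; return 2; }
    for a in "$@"; do
        valid_ipv4 "$a" || { echo "restrict_port: bad address: $a" >&2; return 2; }
    done
    for a in "$@"; do
        allow_rules_for "$port" "$a" | while IFS= read -r rule; do
            add_rule_once "$allow_file" "$rule"
        done
    done
    add_rule_once "$deny_file" "tcp:in:d=$port:s=0/0"
    add_rule_once "$deny_file" "out:d=$port:d=0/0"
}

# Demonstration on scratch files (constructed address; /etc/apf is untouched).
demo_dir=$(mktemp -d)
restrict_port "$demo_dir/allow_hosts.rules" "$demo_dir/deny_hosts.rules" 22 203.0.113.10
cat "$demo_dir/allow_hosts.rules" "$demo_dir/deny_hosts.rules"
rm -rf "$demo_dir"
```

Run the demonstration as-is to see the four allow lines and two deny lines it produces; to apply it on a real host, call `restrict_port /etc/apf/allow_hosts.rules /etc/apf/deny_hosts.rules 22 <your-address>` as root and then restart APF with `apf -r` as the post describes, checking first that the address you are logged in from is among the allowed ones.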