Old 10-27-2007, 11:42 PM   #1
Block port 22 for specific IP's

Hello all,

Is it possible/easy to block port 22 for specific IPs using the terminal or some application? Right now I have it open to the world and it's bothering me to see all the break-in attempts.

I need it so I can get to my systems from anywhere outside of my network.

I have not been able to successfully implement a VPN, so I am using firestarter right now. It will allow me to block port 22 altogether unless it's from a specific IP, but that is only good if I am in one specific place. Great for security but not very flexible.
Old 10-27-2007, 11:53 PM   #2
IPTABLES, it's easy.
Old 10-28-2007, 12:57 AM   #3
super easy solution:

edit your /etc/ssh/sshd_config file

change your ssh port to any non standard port so it isn't detected by every port scanner that passes over your subnet

you will need to just add the -p flag when you log in to tell your client what arbitrary port you moved the server to. Pick something that no standard services run on, if possible.

DISABLE ssh v1

disable root login, or better yet restrict it to ONLY the user or users that you log in as. DEFINITELY DISABLE ROOT LOGIN

You should see your break in attempts drop to next to nothing once port scanners start seeing a closed or stealth port 22.

Security by obscurity is stupid, but so is actively advertising that you have something to break into. By hiding your already secure service, you only make things better.
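The four sshd_config changes recommended in the post above (non-default Port, Protocol 2 only, PermitRootLogin no, AllowUsers) can be checked mechanically. The script below is an added example by the editor, not code from the poster: it reads an sshd_config file and prints one line per setting that still matches the weak default. The directive names are real sshd_config keywords; the two sample configs at the bottom are constructed so the script runs offline, and the check for PermitRootLogin treats anything other than an explicit "no" as a finding.

```shell
#!/bin/sh
# Added example: audit an sshd_config against the hardening suggested above.
# Prints one line per finding; prints nothing when all four settings are in place.

# Effective value of a directive: sshd honours the first uncommented occurrence.
# $1 = config file, $2 = keyword (sshd_config keywords are case-insensitive)
sshd_value() {
    awk -v key="$2" 'tolower($1) == tolower(key) { print $2; exit }' "$1"
}

audit_sshd_config() {
    cfg="$1"

    # 1. Default port: every scanner that sweeps the subnet will find it.
    port=$(sshd_value "$cfg" Port)
    if [ -z "$port" ] || [ "$port" = "22" ]; then
        echo "Port: default 22 (move sshd to an unused high port, then connect with ssh -p)"
    fi

    # 2. SSH protocol 1. "Protocol 2,1" or "Protocol 1" still offers v1; sshd before
    #    5.4 defaulted to "2,1" when unset. Servers from 7.4 on dropped v1 entirely
    #    and ignore this directive.
    proto=$(sshd_value "$cfg" Protocol)
    case "$proto" in
        "")  echo "Protocol: unset (older sshd defaults to '2,1'; set 'Protocol 2')" ;;
        *1*) echo "Protocol: SSH protocol 1 enabled ('$proto'); set 'Protocol 2'" ;;
    esac

    # 3. Root login. Only an explicit 'no' removes root as a brute-force target.
    root=$(sshd_value "$cfg" PermitRootLogin)
    if [ "$root" != "no" ]; then
        echo "PermitRootLogin: '${root:-unset}' (set 'PermitRootLogin no')"
    fi

    # 4. Without AllowUsers/AllowGroups every local account is a valid login target.
    if [ -z "$(sshd_value "$cfg" AllowUsers)" ] && [ -z "$(sshd_value "$cfg" AllowGroups)" ]; then
        echo "AllowUsers: no user restriction (add 'AllowUsers <your login name>')"
    fi
}

# Constructed sample configs (not from the thread) so the audit can run offline.
weak_sample() {
    printf '%s\n' 'Port 22' 'Protocol 2,1' 'PermitRootLogin yes' '#AllowUsers alice'
}
hardened_sample() {
    printf '%s\n' 'Port 2222' 'Protocol 2' 'PermitRootLogin no' 'AllowUsers alice bob'
}

# Stand-alone run: audit both samples from temporary files.
for sample in weak_sample hardened_sample; do
    tmp=$(mktemp)
    "$sample" > "$tmp"
    echo "== $sample =="
    audit_sshd_config "$tmp"
    rm -f "$tmp"
done
```

On a real host run `audit_sshd_config /etc/ssh/sshd_config` and then `sshd -t` after editing, before restarting the daemon; a syntax error in sshd_config would otherwise lock you out of the box you are hardening.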
Old 10-28-2007, 05:22 AM   #4
another easy way is to open your /etc/hosts.deny and add the following (if you don't have the file, create it):

then open your /etc/hosts.allow and add:

(these are samples)
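The sample lines the poster refers to did not survive on this page. The fragment below is the editor's own example of the TCP wrappers syntax, not the poster's sample: hosts.allow is consulted first, and a match there wins, so deny everything for sshd and then list the sources that may connect. The addresses are constructed documentation ranges.

```text
# /etc/hosts.deny  (constructed example)
sshd : ALL

# /etc/hosts.allow (checked before hosts.deny; a match here wins)
# single host, a /netmask range, and a trailing-dot prefix for the home LAN
sshd : 203.0.113.5 198.51.100.0/255.255.255.0 192.168.1.
```

Two caveats a practitioner would want here. This only works if sshd was linked against libwrap; OpenSSH dropped TCP wrappers support in 6.7, so on a current distribution these files do nothing for sshd and the filtering has to be done in the firewall or with sshd's own AllowUsers/Match rules. And because the wrapper decides after the TCP connection is accepted, scanners still see port 22 open; an iptables DROP, as in the next post, turns them away before sshd ever sees the connection.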
Old 10-28-2007, 06:41 AM   #5
Originally Posted by lmcilwain View Post
Is it possible/easy to block port 22 for specific IPs using the terminal or some application? Right now I have it open to the world and its bothering me to see all the break-in attempts.
Yes, you can easily deny access to port 22 from specific IPs like:
iptables -I INPUT -p TCP --dport 22 -s $BAD_IP_GOES_HERE -j DROP
But you would probably be much better-off having this happen automatically for those IPs trying to "break in". That is where tools like Fail2Ban come in. Also, as has already been said, changing SSHD to listen on a non-default port can drastically reduce the amount of automated brute-force attacks you experience. See the Failed SSH login attempts sticky at the top of the forum for more info.

Last edited by win32sux; 10-28-2007 at 06:44 AM.
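The one-liner in the post above drops a single known-bad address. The script below is an added example by the editor, not the poster's code; it extends the same iptables approach to what the original question actually asks for: block specific IPs, always admit one trusted address, and for everyone else (the "I need to get in from anywhere" case) rate-limit new connections to port 22 with the `recent` match so a password guesser gets three attempts a minute instead of thousands. Commands are emitted through $IPT, which defaults to `echo iptables` so the ruleset can be reviewed; set IPT=iptables and run as root to apply it. The port number, the names and the addresses (RFC 5737 documentation ranges) are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the thread): generate an iptables ruleset for sshd.
# Dry run by default: IPT="echo iptables". Apply with: IPT=iptables sh thisfile (as root).

IPT="${IPT:-echo iptables}"

# Reject malformed entries early; a typo here would silently skip a block.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
}

# $1 = sshd port, $2 = trusted source address, remaining args = addresses to drop.
gen_ssh_rules() {
    port="$1"; trusted="$2"; shift 2

    for bad in "$@"; do
        valid_ipv4 "$bad" || { echo "bad address: $bad" >&2; return 1; }
        # -I inserts at the top of INPUT, so the drop wins over every rule below.
        $IPT -I INPUT -p tcp --dport "$port" -s "$bad" -j DROP
    done

    # The trusted address bypasses the rate limit (the firestarter-style single-IP allow).
    $IPT -A INPUT -p tcp --dport "$port" -s "$trusted" -j ACCEPT

    # Everyone else: record each new connection per source in the "SSH" list, then
    # drop the 4th and later new connection from the same source within 60 seconds.
    # An interactive login makes one connection, so legitimate users are unaffected.
    $IPT -A INPUT -p tcp --dport "$port" -m conntrack --ctstate NEW \
        -m recent --name SSH --set
    $IPT -A INPUT -p tcp --dport "$port" -m conntrack --ctstate NEW \
        -m recent --name SSH --update --seconds 60 --hitcount 4 -j DROP
    $IPT -A INPUT -p tcp --dport "$port" -m conntrack --ctstate NEW -j ACCEPT
}

# Dry run on constructed addresses: port 22, trusted 198.51.100.7,
# drop one host and one /24.
gen_ssh_rules 22 198.51.100.7 203.0.113.5 203.0.113.0/24
```

These rules only append to INPUT; they assume the chain already accepts ESTABLISHED,RELATED traffic and ends in a DROP policy, as any sane ruleset does. Check the rate limiter with `cat /proc/net/xt_recent/SSH` (older kernels: `/proc/net/ipt_recent/SSH`), which lists the tracked sources and their hit counts. Fail2Ban, mentioned above, does the same job from the log side and also covers other services; the two approaches combine well.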

