Limiting SSH Connections with ufw

Posted on in System Administration

Ubuntu Circle of Friends Logo (Orange on White) In the past, I've written about the usefulness of using iptables to limit incoming SSH connections. Although it isn't a replacement for a good password policy, it at least limits the ability of outsiders to perform a brute-force password attack on your system. Now that I've started using Ubuntu more regularly, I've found that ufw is the recommended way to manage the iptables firewall.

The ufw command line to limit the number of incoming SSH connections is ufw limit 22/tcp. That's it. All done.

Here's some more output.

$ ufw limit 22/tcp
Rule inserted
$ ufw status
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     LIMIT       Anywhere
$
$ iptables --list ufw-user-input
Chain ufw-user-input (1 references)
target     prot opt source               destination         
           tcp  --  anywhere             anywhere            tcp dpt:ssh state NEW recent: SET name: DEFAULT side: source 
ufw-user-limit  tcp  --  anywhere             anywhere            tcp dpt:ssh state NEW recent: UPDATE seconds: 30 hit_count: 6 name: DEFAULT side: source 
ufw-user-limit-accept  tcp  --  anywhere             anywhere            tcp dpt:ssh 

Remember that ufw's default is to limit SSH connections from a specific IP address if it attempts 6 or more connections within 30 seconds. If you feel this is too generous, you will likely have to stop using ufw. From what I can tell, these options are hardcoded into the Python library.

Slaptijack's Koding Kraken