This tutorial explains how to rate limit ssh access using UFW (Uncomplicated Firewall), denying connections from IP addresses that attempt 6 or more new connections within 30 seconds.

This feature is very useful for protocols that authenticate logins, such as ssh or ftp among others, because it helps to prevent brute force attacks.

Getting started with UFW

To install UFW on Debian-based Linux distributions, run the command below.

[Screenshot omitted: terminal showing the UFW installation command]

ArchLinux users can get UFW from https://archlinux.org/packages/?name=ufw.

Once installed, enable UFW by running the following command.

[Screenshot omitted: terminal showing the command that enables UFW]

Note: you can disable UFW by running sudo ufw disable

You can check the UFW status by running sudo ufw status. The output not only reveals whether UFW is enabled; it also lists the destination ports (To), the source addresses (From), and the Action, that is, the rule the firewall applies. The following screenshot shows some ports allowed and some limited by Uncomplicated Firewall.

[Screenshot omitted: output of sudo ufw status with allowed and limited ports]

To reset UFW, removing all Actions (rules), run the command below.

[Screenshot omitted: terminal showing the UFW reset command]

After a reset, running sudo ufw status again will show UFW is disabled.

[Screenshot omitted: sudo ufw status reporting UFW as inactive after the reset]

To continue with this tutorial, enable it back.

[Screenshot omitted: terminal showing UFW being enabled again]

Limiting ssh with UFW

As said previously, limiting a service using UFW refuses connections from IP addresses that attempt 6 or more new connections to that service within 30 seconds. Note that the counter applies to new TCP connections, not to failed logins: a client that opens many connections quickly is limited even if every login succeeds.

This UFW feature is very useful against brute force attacks.

The syntax to limit a service using UFW is sudo ufw limit <service-or-port>.

To limit the ssh service, run the command below.

[Screenshot omitted: terminal showing the UFW limit command for ssh]

You can check that the service is limited by running sudo ufw status again, as shown previously and below.

[Screenshot omitted: sudo ufw status listing 22/tcp with the LIMIT action]

The following example shows how to limit the FTP service in the same way.

[Screenshot omitted: terminal showing the UFW limit command for ftp and the resulting status]

As you can see, both ftp and ssh are limited.

UFW is just an iptables frontend: the rules behind UFW commands are iptables (Netfilter) rules in the kernel. The UFW limit rule described above corresponds to the following iptables rules for ssh. Order matters, because -A appends and the first terminating rule that matches wins: the rule that records the attempt comes first, the rate check second, and the ACCEPT last. UFW itself installs its equivalent in the ufw-user-input chain and, instead of silently dropping, logs the blocked attempt with the prefix [UFW LIMIT BLOCK] and rejects it, which is useful when reviewing the system log for brute force activity.

# 1. Record every new connection to port 22 from the source address in the "SSH" list
sudo iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH

# 2. Drop the new connection if the address already has 6 or more hits within the last 30 seconds
#    (--rttl also requires the packet's TTL to match the one recorded by the --set rule)
sudo iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 --rttl --name SSH -j DROP

# 3. Otherwise accept the new connection
sudo iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
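To make the "6 connections in 30 seconds" behaviour of the limit rule concrete, the following is an added example (not ufw's or the page's own code) that models how the two -m recent rules decide ACCEPT or DROP for a stream of new-connection attempts from one source address. It assumes the xt_recent default of 20 remembered timestamps per address (ip_pkt_list_tot) and does not model the --rttl TTL check; the attempt timings in it are constructed.

```python
# Added example (not ufw's or the page's own code): a small model of how the
# two "-m recent" rules turn new-connection attempts from one source address
# into ACCEPT / DROP decisions.  Assumptions: the xt_recent default of 20
# remembered timestamps per address (ip_pkt_list_tot); --rttl is not modelled.
from collections import deque
from typing import Deque, List, Tuple

LIST_CAP = 20  # assumed xt_recent default: timestamps kept per address


def simulate_limit(attempts: List[float], seconds: float = 30.0,
                   hitcount: int = 6, cap: int = LIST_CAP) -> List[Tuple[float, bool]]:
    """Return (time, accepted) for each attempt; times are seconds, ascending.

    Rule 1 (--set) records a timestamp for every new connection.
    Rule 2 (--update --seconds S --hitcount N) matches, and DROPs, when at least
    N recorded timestamps fall inside the last S seconds; because it matched it
    also records one more timestamp, so a client that keeps retrying keeps the
    entry fresh and stays blocked.
    Rule 3 (ACCEPT) is reached only when rule 2 did not match.
    """
    stamps: Deque[float] = deque(maxlen=cap)  # ring buffer: oldest entries fall off
    decisions: List[Tuple[float, bool]] = []
    for now in attempts:
        stamps.append(now)                                   # rule 1: --set
        hits = sum(1 for s in stamps if now - s <= seconds)  # rule 2: hits inside the window
        if hits >= hitcount:
            stamps.append(now)                               # --update refreshed the entry
            decisions.append((now, False))                   # -j DROP
        else:
            decisions.append((now, True))                    # rule 3: -j ACCEPT
    return decisions


def accepted(attempts: List[float], **kw) -> List[bool]:
    """Convenience wrapper returning only the accept/drop flags."""
    return [ok for _, ok in simulate_limit(attempts, **kw)]


if __name__ == "__main__":
    # Constructed scenarios (seconds since the first attempt).
    burst_then_wait = [0, 1, 2, 3, 4, 5, 6, 40]          # 6th attempt blocked; quiet 30 s recovers
    persistent = [0, 1, 2, 3, 4, 5, 15, 25, 35, 45, 55]   # keeps retrying every 10 s: stays blocked
    for name, scenario in (("burst then wait", burst_then_wait), ("persistent", persistent)):
        print(name)
        for t, ok in simulate_limit(scenario):
            print(f"  t={t:>3}s  {'ACCEPT' if ok else 'DROP'}")
```

The two scenarios show the point that the paragraph above leaves implicit: five quick attempts are fine and the sixth is dropped, a quiet 30 seconds clears the limit, but a client that keeps retrying every 10 seconds never gets a connection accepted again, because each blocked attempt is itself recorded.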

How to limit ssh using UFW’s GUI (GUFW)

GUFW is the graphical interface for UFW (Uncomplicated Firewall). This tutorial section shows how to limit ssh using GUFW.

To install GUFW on Debian-based Linux distributions, including Ubuntu, run the following command.

[Screenshot omitted: terminal showing the GUFW installation command]

Arch Linux users can get GUFW from https://archlinux.org/packages/?name=gufw.

Once installed, run GUFW with the command below.

[Screenshot omitted: terminal showing the command that launches GUFW]

A graphical window will show up. Press the Rules button next to the home icon.

[Screenshot omitted: GUFW main window with the Rules button]

On the rules screen, press the icon at the bottom of the window.

[Screenshot omitted: GUFW rules screen]

The window shown in the screenshot below will show up.

[Screenshot omitted: GUFW add-rule window]

On the policy drop-down menu, select Limit. On Category, select Network. In the Subcategory dropdown menu, choose Services. In the Application Filter search box, type “ssh” as shown in the following screenshot. Then press the Add button.

[Screenshot omitted: GUFW add-rule window with Policy Limit, Category Network, Subcategory Services and "ssh" in the Application Filter]

After adding the rule, it appears in the rules list, as shown below.

[Screenshot omitted: GUFW rules list showing the ssh limit rule]

You can check that the rules were applied by running sudo ufw status:

Status: active

To                         Action      From
--                         ------      ----
22/tcp                     LIMIT       Anywhere
22/tcp (v6)                LIMIT       Anywhere (v6)

As you can see, the ssh service is limited both for IPv4 and IPv6 protocols.
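Reading the status table by eye is fine on one machine; on many it helps to have a check that fails when ssh is not limited for both address families. The following is an added example, not part of the original tutorial or of ufw: a small parser for the output of sudo ufw status that reports whether a given port has a LIMIT rule for IPv4 and IPv6. The sample status text embedded in it is constructed to match the layout shown above, with an extra ftp rule added for contrast; the function and variable names are this example's own.

```python
# Added example (not part of the tutorial or of ufw): parse `sudo ufw status`
# output and verify that a port is rate limited for both IPv4 and IPv6.
import re
import sys
from typing import Dict, List, NamedTuple, Tuple


class Rule(NamedTuple):
    to: str       # "To" column, e.g. "22/tcp" or "22/tcp (v6)"
    action: str   # ALLOW, DENY, REJECT or LIMIT
    source: str   # "From" column, e.g. "Anywhere"


# Constructed sample in the layout of `sudo ufw status` (not captured output).
SAMPLE_STATUS = """\
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     LIMIT       Anywhere
21/tcp                     ALLOW       Anywhere
22/tcp (v6)                LIMIT       Anywhere (v6)
21/tcp (v6)                ALLOW       Anywhere (v6)
"""

# One table row: columns are separated by runs of at least two spaces.
# `ufw status verbose` appends a direction (IN/OUT/FWD) to the action; accept it too.
ROW = re.compile(
    r"^(?P<to>.+?)\s{2,}(?P<action>ALLOW|DENY|REJECT|LIMIT)(?: (?:IN|OUT|FWD))?\s{2,}(?P<src>.+?)\s*$"
)


def parse_ufw_status(text: str) -> Tuple[bool, List[Rule]]:
    """Return (firewall_active, rules) parsed from `ufw status` output."""
    lines = text.splitlines()
    active = any(line.strip() == "Status: active" for line in lines)
    rules: List[Rule] = []
    for line in lines:
        match = ROW.match(line)
        if match:  # header, separator and blank lines do not match
            rules.append(Rule(match["to"].strip(), match["action"], match["src"].strip()))
    return active, rules


def limited_for(rules: List[Rule], port_proto: str) -> Dict[str, bool]:
    """Map 'v4' / 'v6' to whether port_proto (e.g. '22/tcp') has a LIMIT rule."""
    return {
        "v4": any(r.to == port_proto and r.action == "LIMIT" for r in rules),
        "v6": any(r.to == f"{port_proto} (v6)" and r.action == "LIMIT" for r in rules),
    }


def check_limited(text: str, port_proto: str = "22/tcp") -> bool:
    """True only if UFW is active and port_proto is limited for IPv4 and IPv6."""
    active, rules = parse_ufw_status(text)
    families = limited_for(rules, port_proto)
    return active and families["v4"] and families["v6"]


if __name__ == "__main__":
    # Usage on a real host:  sudo ufw status | python3 check_ufw_limit.py
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_STATUS
    active, rules = parse_ufw_status(text)
    print(f"active={active}  22/tcp limited: {limited_for(rules, '22/tcp')}")
    sys.exit(0 if check_limited(text) else 1)
```

Piped the real status into it, the script exits non-zero when ssh is not limited on both families, so it can sit in a configuration check or a monitoring job. The rules on the page apply to the "Anywhere" source; a LIMIT rule restricted to a particular source network would still count here, so narrow the check on the source column if that matters for your policy.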

Conclusion

As you can see, UFW is so simple that applying rules through the CLI is easier and a lot faster than using its GUI. Contrary to iptables, a Linux user of any level can easily learn and implement rules to filter ports. Learning UFW is a nice way for new network users to take control of their network security and gain knowledge of firewalls.

Applying the security measure explained in this tutorial is mandatory if your ssh service is enabled; almost all attacks against this protocol are brute force attacks, which can be prevented by limiting the service.


You can learn additional ways to secure your ssh at Disabling root ssh on Debian.

I hope this tutorial explaining how to limit ssh using UFW was useful. Keep following Linux Hint for more Linux tips and tutorials.

About the author


David Adams

David Adams is a System Admin and writer that is focused on open source technologies, security software, and computer systems.