Using iptables to restrict access to ssh by IP

iptables -A INPUT -m state --state NEW,ESTABLISHED,RELATED --source x.x.x.x -p tcp --dport 22 -j ACCEPT

access only from x.x.x.x

iptables -A INPUT -m state --state NEW,ESTABLISHED,RELATED -p tcp --dport 22 -j DROP

drop all other packets to port 22


iptables -A INPUT -p tcp -s 12.34.56.78/16 --dport ssh -j ACCEPT
iptables -A INPUT -p tcp --dport ssh -j REJECT

There are other ways to do it, but this is simplest when we know nothing about your other rules.
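Because `-A` appends, the rules in the answers above only restrict SSH if nothing earlier in the INPUT chain already accepts port 22. The following is an added example, not part of the original answers: a simplified first-match walk over a constructed rule listing. The names `verdict` and `opt` and the sample chains are assumptions for illustration, and the matcher ignores state, interface and negated matches.

```python
import ipaddress
import shlex

# Constructed `iptables -S INPUT` style listing (not from the page): a broad
# ACCEPT for port 22 already exists, then the two appended rules follow it.
SHADOWED = """\
-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 12.34.56.78/16 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j REJECT
"""
# The same chain with the pre-existing broad ACCEPT removed.
RESTRICTED = "".join(l for l in SHADOWED.splitlines(True)
                     if l != "-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT\n")
PORT_NAMES = {"ssh": "22"}  # service name used on the command line in the answer

def opt(tokens, *flags):
    """Return the value following the first flag present, else None."""
    for flag in flags:
        if flag in tokens:
            return tokens[tokens.index(flag) + 1]
    return None

def verdict(listing, src_ip, dport=22):
    """Walk the INPUT chain top-down for a new TCP packet; first match wins."""
    ip, policy = ipaddress.ip_address(src_ip), "ACCEPT"
    for line in listing.splitlines():
        tok = shlex.split(line)
        if tok[:2] == ["-P", "INPUT"]:
            policy = tok[2]
        if tok[:2] != ["-A", "INPUT"]:
            continue
        # strict=False masks host bits, as iptables does: 12.34.56.78/16 -> 12.34.0.0/16
        net = ipaddress.ip_network(opt(tok, "-s", "--source") or "0.0.0.0/0", strict=False)
        port = opt(tok, "--dport")
        target = opt(tok, "-j")
        if opt(tok, "-p") not in (None, "tcp", "all"):
            continue
        if port is not None and PORT_NAMES.get(port, port) != str(dport):
            continue
        if ip in net and target in ("ACCEPT", "DROP", "REJECT"):
            return target
    return policy  # nothing matched: chain policy applies

if __name__ == "__main__":
    for name, chain in (("shadowed", SHADOWED), ("restricted", RESTRICTED)):
        for src in ("203.0.113.9", "12.34.200.1"):
            print(name, src, verdict(chain, src))
```

On a live host, compare the result against the real order shown by `iptables -S INPUT` before relying on appended rules.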


Sometimes command-line iptables syntax can be a bit much to learn/digest. If you're new(ish) to Linux administration, you might consider installing something like Webmin. You can use their GUI to create your rules, and then go back and check the "/etc/sysconfig/iptables" file and see the actual syntax.

I would then recommend using Webmin & iptables to lock down Webmin access to only those specific IP addresses you wish. You use the same syntax as some of the other posters have answered, just changing the PORT to whatever you set up Webmin to use. (Hopefully something OTHER than the standard port: 10000.)