Ubuntu only allow incoming access from 192.168.0.0/8 or server IP address
How can I make it that only approved IP addresses have access to my Ubuntu server 12.04 I only just set it up.
You can achieve this with following commands provided you have UFW
install:
To allow by a specific IP address use,
sudo ufw allow from XXX.XXX.XXX.XXX
To allow by a specific subnet we invoke netmask and use,
sudo ufw allow from XXX.XXX.XXX.XXX/XX
To allow by a specific port and an IP address you can use,
sudo ufw allow from XXX.XXX.XXX.XXX to AAA port YY
Please refer community documentation for advance help.
Using tcpwrappers,
/etc/hosts.deny is checked before /etc/hosts.allow, so you can go
-
hosts.deny
ALL : ALL
first, we block everything from everyone,
-
hosts.allow
ALL : localhost
sshd: 192.168.0.2
which means only 192.168.0.2 on your local network can access ssh server on that machine.
This would be accomplished with iptables
(netfilter), the built-in firewall utility for Linux.
Depending on what you're doing with your server (and what you're serving), this will need to be (carefully) configured to permit the appropriate traffic.
There's a good tutorial on this at Ubuntu's official help website and there's also ufw (Uncomplicated Firewall) that's built in to Ubuntu to handle the basics. For example if you wanted to only permit SSH (TCP 22) access from 10.0.0.15, you'd do this:
sudo ufw allow proto tcp from 10.0.0.15 to any port 22
You can also use one of several handy iptables rule generators to generate an entire iptables ruleset.
Another suggestion (especially if this Ubuntu host will be on the Internet) would be to use SSH key pairs for authentication instead of passwords; I'd also disable root logins.