Using UFW to Rate Limit SSH Connections for Security
ufw limit allows up to six new connections every 30 seconds. If exceeded, the source IP is temporarily banned for 30 seconds.
UFW (Uncomplicated FireWall) is a user-friendly firewall available on Ubuntu and Debian-based Linux distributions. It's essential for any server to have UFW enabled and configured to allow necessary services while restricting others.
To configure UFW:
Allowing Connections
For services that should not be limited in access frequency, use the allow command. Here’s an example:
ufw allow from 10.1.10.1/24 to any port 80 proto tcp
- ufw: The command to manage the firewall.
- allow: Allows connections without frequency restrictions.
- from 10.1.10.1/24: The source IP range. You can also use IPv6, such as
from fd9d:8733:e826::/64. - to any: Applies to any network interface. Specify an interface if needed (e.g.,
to eth0orto eth1). - port 80: The port number (TCP/UDP). Official port numbers can be found at IANA.
- proto tcp: The protocol, usually TCP or UDP.
Rate Limiting
To prevent brute force attacks, use the limit command. This limits the number of new connections within a specified time frame.
Example:
ufw limit from 10.1.10.0/24 to eth0 port 22 proto tcp
- ufw: The command to manage the firewall.
- limit: Allows up to six new connections every 30 seconds. If exceeded, the source IP is temporarily banned for 30 seconds.
- from 10.1.10.0/24: The source IP range.
- to eth0: Specifies the network interface.
- port 22: The port number (commonly used for SSH).
- proto tcp: The protocol.
When a brute force attack attempts hundreds of guesses per second, limiting connections to six every 30 seconds makes it nearly impossible to succeed, deterring attackers from continuing their efforts.
By properly configuring UFW, you enhance your server's security, making it more resilient against unauthorized access attempts.
