How to open ssh port using ufw on Ubuntu/Debian Linux

H

ow do I allow incoming SSH connections from a specific IP address or subnet on a Ubuntu or Debian Linux server using ufw?

 

UFW is an acronym for uncomplicated firewall. It is used for managing a Linux firewall and aims to provide an easy to use interface for the user. In this tutorial, you will learn how to use UFW a frontend to iptables for opening incoming SSH connection on Ubuntu Linux 16.04 LTS or Debian Linux server.

Fig.01: Allow Incoming SSH from Specific IP Address or Subnet

Open incoming SSH port for all

The syntax is:

sudo ufw allow ssh

 

OR

$ sudo ufw allow 22/tcp

 

OR (add the comment)

$ sudo ufw allow 22/tcp comment  Open port ssh tcp port 22

 

If you are running ssh on TCP port # 2222, enter:

$ sudo ufw allow 2222/tcp

How to allow incoming SSH from specific IP address

The syntax is:

$ sudo ufw allow from {IP_ADDRESS_HERE} to any port 22

 

To allow incoming SSH connections from a specific IP address named 202.54.1.1, enter:

$ sudo ufw allow from 202.54.1.1 to any port 22

How to allow incoming SSH from specific subnets

The syntax is:

$ sudo ufw allow from {IP_SUB/net} to any port 22

 

OR

$ sudo ufw allow from {IP_SUB/net} to any port 22 proto tcp

 

OR

$ sudo ufw allow from {IP_SUB/net} to {ssh-server-ip-address} port 22 proto tcp

 

To allow incoming SSH connections from a specific IP subnet named 202.54.1.1/29, enter:

$ sudo ufw allow from 202.54.1.1/29 to any port 22

 

To allow incoming SSH connections from a specific IP subnet named 10.8.0.0/24 to 10.8.0.1 and tcp port 22, enter:

$ sudo ufw allow from 10.8.0.0/24 to 10.8.0.1 port 22 proto tcp

Limit incoming SSH port for all

Open incoming SSH but deny connections from an IP address that has attempted to initiate 6 or more connections in the last 30 seconds. The syntax is:

$ sudo ufw limit ssh

 

OR

$ sudo ufw limit 22/tcp

How to check the status of ufw

The syntax is:

$ sudo ufw status

 

Sample outputs:

Status: active

 

To                         Action      From

—                         ——      —-

22                         ALLOW       Anywhere

72.14.190.12 443/tcp       ALLOW       Anywhere

72.14.190.12 80/tcp        ALLOW       Anywhere

if ufw was not enabled the output would be:

sudo ufw status

Status: inactive

To turn on UFW on with the default set of rules including open SSH port, enter:

$ sudo ufw enable

$ sudo ufw status verbose

 

This entry is 2 of 6 in the Uncomplicated Firewall (UFW) series. Keep reading the rest of the series:

How to install UFW firewall on Ubuntu 16.04 LTS server

How to open ssh port using ufw on Ubuntu/Debian Linux

How to configure ufw to forward port 80/443 to internal server hosted on LAN

How to block an IP address with ufw on Ubuntu Linux server

How to limit SSH (TCP port 22) connections with ufw on Ubuntu Linux

How To: Ubuntu Linux Firewall Open Port Command Using UFW