How to open ssh port using ufw on Ubuntu/Debian Linux
H
ow do I allow incoming SSH connections from a specific IP address or subnet on a Ubuntu or Debian Linux server using ufw?
UFW is an acronym for uncomplicated firewall. It is used for managing a Linux firewall and aims to provide an easy to use interface for the user. In this tutorial, you will learn how to use UFW a frontend to iptables for opening incoming SSH connection on Ubuntu Linux 16.04 LTS or Debian Linux server.
Fig.01: Allow Incoming SSH from Specific IP Address or Subnet
Open incoming SSH port for all
The syntax is:
sudo ufw allow ssh
OR
$ sudo ufw allow 22/tcp
OR (add the comment)
$ sudo ufw allow 22/tcp comment Open port ssh tcp port 22
If you are running ssh on TCP port # 2222, enter:
$ sudo ufw allow 2222/tcp
How to allow incoming SSH from specific IP address
The syntax is:
$ sudo ufw allow from {IP_ADDRESS_HERE} to any port 22
To allow incoming SSH connections from a specific IP address named 202.54.1.1, enter:
$ sudo ufw allow from 202.54.1.1 to any port 22
How to allow incoming SSH from specific subnets
The syntax is:
$ sudo ufw allow from {IP_SUB/net} to any port 22
OR
$ sudo ufw allow from {IP_SUB/net} to any port 22 proto tcp
OR
$ sudo ufw allow from {IP_SUB/net} to {ssh-server-ip-address} port 22 proto tcp
To allow incoming SSH connections from a specific IP subnet named 202.54.1.1/29, enter:
$ sudo ufw allow from 202.54.1.1/29 to any port 22
To allow incoming SSH connections from a specific IP subnet named 10.8.0.0/24 to 10.8.0.1 and tcp port 22, enter:
$ sudo ufw allow from 10.8.0.0/24 to 10.8.0.1 port 22 proto tcp
Limit incoming SSH port for all
Open incoming SSH but deny connections from an IP address that has attempted to initiate 6 or more connections in the last 30 seconds. The syntax is:
$ sudo ufw limit ssh
OR
$ sudo ufw limit 22/tcp
How to check the status of ufw
The syntax is:
$ sudo ufw status
Sample outputs:
Status: active
To Action From
— —— —-
22 ALLOW Anywhere
72.14.190.12 443/tcp ALLOW Anywhere
72.14.190.12 80/tcp ALLOW Anywhere
if ufw was not enabled the output would be:
sudo ufw status
Status: inactive
To turn on UFW on with the default set of rules including open SSH port, enter:
$ sudo ufw enable
$ sudo ufw status verbose
This entry is 2 of 6 in the Uncomplicated Firewall (UFW) series. Keep reading the rest of the series:
How to install UFW firewall on Ubuntu 16.04 LTS server
How to open ssh port using ufw on Ubuntu/Debian Linux
How to configure ufw to forward port 80/443 to internal server hosted on LAN
How to block an IP address with ufw on Ubuntu Linux server
How to limit SSH (TCP port 22) connections with ufw on Ubuntu Linux
How To: Ubuntu Linux Firewall Open Port Command Using UFW