This article will help you create rules to restrict SSH connections from unknown IP addresses. This will enhance the security of your server.
First, install the firewall. Run the command:
dnf install firewalld
Then confirm the action by typing Y.
After the installation succeeds, start firewalld with the command:
systemctl start firewalld
Check the status with the command:
systemctl status firewalld
Make sure the status is active, then press CTRL+C.
Run the command:
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="<ip_address>" service name="ssh" accept'
This rule allows connections to your server from the IP address specified in the "source address" attribute.
Run the command:
firewall-cmd --permanent --remove-service=ssh
This removes the general ssh service from the zone, so SSH connections are denied from any IP address except the allowed ones.
Both commands above use --permanent, so they take effect only after a reload. Reload firewalld with the command:
firewall-cmd --reload
Check the active rules with the command:
firewall-cmd --list-all
Now SSH access to your server is only possible from the IP address specified in the rule. In our example, this is 127.0.0.1.
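A check that can follow the firewall-cmd --list-all step, as an added example that is not part of the original article: the function reads that command's output and confirms that the general ssh service is gone and that a rich rule accepts SSH from the expected address. The function name, return codes, sample output and the address 203.0.113.10 are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit `firewall-cmd --list-all` output read from stdin.
# Return codes (chosen for this example):
#   0 = ssh is reachable only through a rich rule for the expected address
#   1 = the general "ssh" service is still listed (open to every source)
#   2 = no rich rule accepts ssh from the expected address (lockout risk)
check_ssh_allowlist() {
    expected_ip=$1
    output=$(cat)

    # The "services:" line lists services open to all sources in the zone.
    services=$(printf '%s\n' "$output" |
        sed -n 's/^[[:space:]]*services:[[:space:]]*//p')
    for svc in $services; do
        if [ "$svc" = "ssh" ]; then return 1; fi
    done

    # Rich rules are printed one per line; match the exact rule text.
    rule="rule family=\"ipv4\" source address=\"$expected_ip\" service name=\"ssh\" accept"
    if printf '%s\n' "$output" | grep -qF -- "$rule"; then
        return 0
    fi
    return 2
}

# Constructed sample output (not captured from a real server).
SAMPLE_LOCKED='public (active)
  target: default
  interfaces: eth0
  services: cockpit dhcpv6-client
  ports:
  rich rules:
    rule family="ipv4" source address="203.0.113.10" service name="ssh" accept'

# Constructed sample: rich rule added, but --remove-service=ssh was skipped.
SAMPLE_OPEN='public (active)
  target: default
  interfaces: eth0
  services: cockpit dhcpv6-client ssh
  ports:
  rich rules:
    rule family="ipv4" source address="203.0.113.10" service name="ssh" accept'

# On a server: firewall-cmd --list-all | check_ssh_allowlist 203.0.113.10
printf '%s\n' "$SAMPLE_LOCKED" | check_ssh_allowlist 203.0.113.10 &&
    echo "ssh restricted to 203.0.113.10"
```

Return code 2 is the one to watch before closing your current session: it means the address you expect to connect from has no matching rule.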