From 4bc4087d2beb1f3eecd13af3141c0066ac616a13 Mon Sep 17 00:00:00 2001 From: Mikaela Suomalainen Date: Sat, 19 Sep 2015 13:46:51 +0300 Subject: [PATCH] ufw: use sshguard for protecting sshd --- _posts/2015-06-12-ufw.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/_posts/2015-06-12-ufw.md b/_posts/2015-06-12-ufw.md index 5509b1e..e12cb56 100644 --- a/_posts/2015-06-12-ufw.md +++ b/_posts/2015-06-12-ufw.md @@ -17,7 +17,7 @@ network and with IPv6 your devices have public IPv6 addresses. This post first has list of commands, then explanations. ``` -ufw limit 22/tcp +ufw allow 22/tcp ufw default deny incoming ufw default allow outgoing systemctl enable ufw && systemctl start ufw @@ -31,9 +31,9 @@ ufw allow from 172.16.0.0/16 to any port 17500 proto tcp ufw allow 60000:61000/udp ``` -* 22 TCP/ssh — Prevent more than 6 connections in 30 seconds to the SSH - port and it's the first command as you don't want to lock yourself out - of it. +* 22 TCP/ssh — Allow acces to SSHdm you don't want to lock yourself out. + * previously I used `ufw limit` but it seems to be too oversensitive, + just use SSHGuard. * Deny incoming connections unless the port has been whitelisted. * Allow all outgoing connections, keeping list of authorized ports would be too much for me.