vernon.wenberg.net
June 22, 2023 / July 9, 2023

Allow SSH connections only from certain addresses using hosts.deny/hosts.allow

This method restricts SSH connections to certain IP networks. One use is allowing SSH from certain public IP networks as well as from my Tailscale network. If possible, it is probably better to use iptables/nftables/ufw, or your hosting provider's firewall if it offers one.

First, edit /etc/hosts.allow and add the allowed addresses as CIDR ranges, single IPs, or in IP/Subnet format. Replace the following ranges with your desired IP ranges.

sshd: 1.1.1.0/8, 100.64.0.0/10, 127.0.0.0/8

Then edit /etc/hosts.deny and add:

sshd: ALL

The same approach can be used to block other services by replacing sshd with that service's daemon name.
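
The effect of the two files can be checked offline before relying on them. This is an added example, not code from the original post: it models the IPv4 client matching and the allow-then-deny lookup order documented in hosts_access(5), using constructed copies of the two files above; hostnames, wildcards other than ALL, EXCEPT and IPv6 are left out. Under the documented net/mask rule, an entry such as 1.1.1.0/8 has bits set outside its mask and matches no address, which the misaligned() helper (a hypothetical name) reports.

```python
import ipaddress
import re

# Constructed copies of the two files as given in the post (IPv4 only).
HOSTS_ALLOW = "sshd: 1.1.1.0/8, 100.64.0.0/10, 127.0.0.0/8\n"
HOSTS_DENY = "sshd: ALL\n"
TOKENS = re.compile(r"[,\s]+")  # list items are separated by blanks and/or commas

def parse(text):
    """Return [(daemons, clients)] for each 'daemon_list : client_list' line."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        daemons, clients = line.split(":", 2)[:2]  # drop optional command field
        rules.append((TOKENS.split(daemons.strip()),
                      TOKENS.split(clients.strip())))
    return rules

def net_and_mask(pattern):
    """Split 'n.n.n.n/mask' into integers; mask is a prefix length or dotted quad."""
    net, mask = pattern.split("/")
    mask_int = int(ipaddress.ip_network(f"0.0.0.0/{mask}").netmask)
    return int(ipaddress.IPv4Address(net)), mask_int

def client_matches(pattern, addr):
    if pattern == "ALL":
        return True
    if "/" in pattern:
        net, mask = net_and_mask(pattern)
        # hosts_access(5): matched if net equals (address AND mask).
        return (int(ipaddress.IPv4Address(addr)) & mask) == net
    if pattern.endswith("."):          # leading-octets form, e.g. "192.0.2."
        return addr.startswith(pattern)
    return pattern == addr             # single IP

def listed(text, daemon, addr):
    return any((daemon in d or "ALL" in d) and any(client_matches(c, addr) for c in cl)
               for d, cl in parse(text))

def allowed(daemon, addr, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts.allow is consulted first, then hosts.deny; no match in either grants."""
    return listed(allow, daemon, addr) or not listed(deny, daemon, addr)

def misaligned(text):
    """net/mask entries with bits set outside the mask; they can never match."""
    pairs = [(c, net_and_mask(c)) for _, cl in parse(text) for c in cl if "/" in c]
    return [c for c, (net, mask) in pairs if (net & mask) != net]
```

These files only take effect when sshd is linked against libwrap (TCP wrappers); running ldd on the sshd binary and looking for libwrap shows whether it is.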

Disclaimer

These posts are notes for me. These are not guides and you should not use these instructions as step-by-step instructions without knowing what they do.
