How do I limit ssh connection attempts using UFW (Uncomplicated Firewall) on an Ubuntu or Debian Linux server?

UFW stands for Uncomplicated Firewall. It is the default firewall on Ubuntu, and it can also be installed on other Linux distros such as Arch Linux, Debian, and CentOS. ufw is a front-end for managing a Netfilter firewall. It provides a command-line interface and aims to be uncomplicated and easy to use for developers and new Linux users. Let us see how to limit SSH connections with ufw on Ubuntu or Debian Linux.

Limiting SSH Connections with ufw

Rate limiting with ufw

You can add a limit rule. Currently only IPv4 (Internet Protocol version 4) is supported. With this syntax you can deny connections from an IP address that has attempted to initiate 6 or more connections in the last 30 seconds. This option is very useful for services such as sshd, which are routinely attacked by bots and other bad actors. Hence, we use the firewall to protect our server from brute-force attacks.

Syntax to limit SSH (TCP port 22) connections with ufw

The syntax is pretty simple:

## ufw limit ssh various usage ##
ufw limit ssh

ufw limit ssh/tcp

ufw limit ssh comment 'Rate limit for openssh server'

### if sshd is running on tcp port 2022 add ####
ufw limit 2022/tcp comment 'SSH port rate limit'

The above rules are useful for protecting against brute-force login attacks. When a limit rule is used, ufw will normally allow the connection but will deny connections if an IP address attempts to initiate six or more connections within thirty seconds. Once set up, you can verify it with the following commands:

$ sudo ufw limit ssh/tcp comment 'Rate limit for openssh server'

$ sudo ufw status
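
To check that the limit rule is actually denying repeat connections, the script below counts `[UFW LIMIT BLOCK]` kernel log entries per source address and destination port. It is an added example, not part of the original article; the function names are hypothetical, the embedded log lines are constructed, and it assumes ufw logging is enabled and written to /var/log/ufw.log.

```bash
#!/usr/bin/env bash
# Added example: summarise connections denied by a ufw "limit" rule.
# Assumes ufw logging is on (sudo ufw logging on) and logs to /var/log/ufw.log.

# Constructed sample log lines (documentation addresses, not from a real host).
sample_log() {
cat <<'EOF'
Feb  3 10:15:01 web1 kernel: [101.10] [UFW LIMIT BLOCK] IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=51234 DPT=22 SYN
Feb  3 10:15:02 web1 kernel: [102.20] [UFW LIMIT BLOCK] IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=51236 DPT=22 SYN
Feb  3 10:15:04 web1 kernel: [104.00] [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=40000 DPT=23 SYN
Feb  3 10:15:09 web1 kernel: [109.70] [UFW LIMIT BLOCK] IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=33010 DPT=2022 SYN
Feb  3 10:15:30 web1 kernel: [130.40] [UFW LIMIT BLOCK] IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=51240 DPT=22 SYN
EOF
}

# Read log lines on stdin; print "<count> <source IP> <destination port>",
# busiest source first. Only limit-rule denials are counted; ordinary
# "[UFW BLOCK]" entries are ignored.
summarize_limit_blocks() {
  awk '
    /\[UFW LIMIT BLOCK\]/ {
      src = ""; dpt = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^SRC=/) src = substr($i, 5)
        if ($i ~ /^DPT=/) dpt = substr($i, 5)
      }
      # Skip lines that lack either field (e.g. truncated entries).
      if (src != "" && dpt != "") hits[src " " dpt]++
    }
    END { for (k in hits) print hits[k], k }
  ' | sort -k1,1nr -k2,2
}

# ufw rate-limits its own log entries, so treat the counts as a lower bound.
# Pass a readable log file as $1; without one, the constructed sample is used.
if [ -r "${1:-}" ]; then
  summarize_limit_blocks < "$1"
else
  sample_log | summarize_limit_blocks
fi
```

Saved to a file of your choosing and run with /var/log/ufw.log as its argument (with sudo if the log is not readable by your user), it lists the sources that hit the limit on the SSH port.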
