How to Block SSH and FTP Access to Specific IP and Network Range in Linux

Protecting a Linux server is very important, and blocking SSH and FTP access from specific IP addresses and network ranges is an important step toward improving its security.

Let us discuss why we should block the SSH and FTP access on a Linux system. We will also cover two different methods to block the SSH and FTP access for specific IP addresses and network ranges.

Why Should We Block the SSH and FTP Access in Linux?

For several convincing reasons, blocking the SSH (Secure Shell) and FTP (File Transfer Protocol) access in Linux is critical. First and foremost, there is security. Blocking access reduces the chances of attack on our Linux system and makes it less vulnerable. Brute-force attacks and other unwanted access attempts frequently target SSH and FTP. We prevent these attacks from the sources we block by denying access to specific IP addresses and network ranges.

Second, regulatory compliance and privacy are major issues. Many businesses must follow strict industry or government rules such as GDPR, HIPAA, or PCI DSS. These rules often require enterprises to implement strict access controls.

Furthermore, by blocking the SSH and FTP access for specified IP addresses or network ranges, we can adjust our server's security measures to our organization's specific needs. This helps ensure that only the right individuals have access. These methods reduce the danger of data breaches and help keep the server stable.

1. Using Iptables

iptables is an effective tool for controlling network security on Linux. It works at the packet level, allowing us to establish rules that block traffic based on a variety of parameters such as the source and destination IP addresses.

The following steps block the SSH and FTP access with the help of iptables.

We create our rules in the iptables configuration file, which is usually located at “/etc/sysconfig/iptables” or “/etc/iptables/rules.v4”.

$ sudo nano /etc/sysconfig/iptables

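To block the SSH access from a specific IP address, add the following line to the configuration file. Rules are evaluated from top to bottom and the first match wins, so the line must sit above any rule that accepts traffic to the same port, and before the COMMIT line:

-A INPUT -s 192.168.2.101 -p tcp --destination-port 22 -j DROP

To block the FTP access, add a similar line for the FTP port:

-A INPUT -s 192.168.2.101 -p tcp --destination-port 21 -j DROP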

After adding these rules, we have to save the configuration file and restart the “iptables” service. Type the following command to apply the changes:

$ sudo service iptables restart
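The sketch below is an added example, not part of the original article. It walks an iptables-save style rules file in order and reports which rule decides a new TCP connection, which shows why a DROP line placed after a broader ACCEPT never takes effect. The function name first_match and both rule sets are constructed for illustration, and only the -s, -p, --dport/--destination-port and -j options are modelled.

```python
import ipaddress
import shlex

MODELLED = {"-s", "-p", "--dport", "--destination-port", "-j"}
TERMINAL = {"ACCEPT", "DROP", "REJECT"}

def first_match(rules_text, src_ip, port, chain="INPUT"):
    """Return (line_no, target) of the first filter-table rule that decides a
    new TCP connection from src_ip to port, or (None, policy) if none does."""
    src = ipaddress.ip_address(src_ip)
    table, policy = None, "ACCEPT"
    for no, line in enumerate(rules_text.splitlines(), 1):
        tok = shlex.split(line, comments=True)   # drops "# Generated by" lines
        if not tok:
            continue
        if tok[0].startswith("*"):
            table = tok[0][1:]                   # "*filter" opens a table
        elif table == "filter" and tok[0] == ":" + chain:
            policy = tok[1]                      # ":INPUT ACCEPT [0:0]"
        if table != "filter" or tok[:2] != ["-A", chain]:
            continue
        opts = dict(zip(tok[2::2], tok[3::2]))
        if not set(opts) <= MODELLED or opts.get("-j") not in TERMINAL:
            continue                             # match or target not modelled here
        if opts.get("-p", "tcp") not in ("tcp", "all"):
            continue
        net = ipaddress.ip_network(opts.get("-s", "0.0.0.0/0"), strict=False)
        dport = opts.get("--dport") or opts.get("--destination-port")
        if src in net and dport in (None, str(port)):
            return no, opts["-j"]
    return None, policy

# Constructed rule sets: the same three rules in two different orders.
ACCEPT_FIRST = """*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -s 192.168.2.101 -p tcp --destination-port 22 -j DROP
-A INPUT -s 192.168.2.101 -p tcp --destination-port 21 -j DROP
COMMIT
"""
lines = ACCEPT_FIRST.splitlines()
DROP_FIRST = "\n".join(lines[:2] + lines[3:5] + [lines[2]] + lines[5:]) + "\n"

if __name__ == "__main__":
    for name, rules in (("ACCEPT_FIRST", ACCEPT_FIRST), ("DROP_FIRST", DROP_FIRST)):
        for port in (22, 21):
            print(name, port, first_match(rules, "192.168.2.101", port))
```

With ACCEPT_FIRST, the SSH connection from 192.168.2.101 is decided by the ACCEPT on line 3 and the DROP below it is never reached. Rules that use other matches, such as port ranges or connection state, are skipped by this sketch rather than evaluated.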

2. Using the TCP Wrappers

Another way to block the SSH and FTP access is to use TCP Wrappers. TCP Wrappers is a simple yet effective host-based network access control method. It is integrated with both SSH and FTP, which simplifies the process, provided that the daemons are built with TCP Wrappers (libwrap) support. We manage it by changing two important files: “/etc/hosts.allow” and “/etc/hosts.deny”.

To block the access for a specific IP address and network range, we need to open the “/etc/hosts.deny” file with root privileges in any text editor.

$ sudo vi /etc/hosts.deny

Then, we add the following two lines to block incoming SSH connections from a specific IP address and from a network range.

sshd: 192.168.2.101

sshd: 192.168.2.0/255.255.255.0

To block the FTP access, we add the following lines to the same file:

vsftpd: 192.168.2.101

vsftpd: 192.168.2.0/255.255.255.0

Finally, we have to restart the SSH and FTP services. After that, the SSH and FTP access is blocked for the listed IP address and network.

We can restart SSH by typing one of the following commands in our terminal, depending on whether the system uses the “service” wrapper or systemd:

$ sudo service sshd restart

$ sudo systemctl restart sshd

We can restart FTP in the same way with one of the following commands:

$ sudo service vsftpd restart

$ sudo systemctl restart vsftpd

The SSH and FTP access from the host with the IP address 192.168.2.101 and from the network range 192.168.2.0/255.255.255.0 will now be blocked.

Conclusion

Linux gives us various methods for tailored access control, such as iptables and TCP Wrappers. We can reduce the vulnerabilities and the risk of unauthorized access by blocking the SSH and FTP access for specific IP addresses and network ranges. It is a good security practice that makes maintaining our server simpler.
