How to Block SSH and FTP Access to Specific IP and Network Range in Linux


Senthil Kumar

A Linux consultant living in India. He loves to write about Linux, open source, computers and the Internet. Apart from that, he likes to review Internet tools and web services.


7 Responses

  1. ravinder says:

    I am not able to block facebook.com on the LAN (but for a particular IP in the LAN, and I don't want to use a Squid server for this). I have two interfaces: eth0 is the WAN interface and eth1 is the LAN interface.

    My WAN IP: 1.2.3.4
    LAN network: 192.168.10.1/24

    I want to block facebook.com on 192.168.10.16, and the rest should be able to access facebook.com. How can I do this? I am using CentOS 6.7.

    • Ravi Saive says:

      @Ravinder,

      You can block facebook.com for a particular network IP address, with the rest allowed, using iptables as shown.

      # iptables -I FORWARD -s 192.168.10.16 -m string --algo bm --string "facebook.com" -j DROP
      
  2. Cherif says:

    With TCP Wrappers you don't have to restart sshd or vsftpd.

  3. kishor says:

    # firewall-cmd --direct --add-rule ipv4 filter INPUT 1 -m tcp --source 192.168.1.100/24 -p tcp --dport 22 -j REJECT <-- here can we put 192.168.1.0/24?
    # iptables -I INPUT -s 192.168.1.100/24 -p tcp --dport ssh -j ACCEPT <-- here can we put 192.168.1.0/24?

  4. Ehsan says:

    Thanks for the tutorial. First of all, can't we do it with a rich rule? I asked a question to many experts. I have an FTP server; around 30 users from across the world send files to that server. Previously I used iptables and gave access to them, and later I denied all, and that works fine. My question is: in a firewalld rich rule or direct rule, do I need to add any deny rule after all the permit rules?

    I haven't got any answer regarding it. Could you please tell me whether I need to, and if so, what the syntax would be?

    Thanks
    Ehsan

  5. Mayuresh Mulye says:

    Very nice and simple article!

    Thanks!
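
On the question in comment 3 about writing 192.168.1.100/24 versus 192.168.1.0/24: the following is an added example, not part of the original article or comments, that models in Python how an iptables-style source match treats such a spec. The function names, the simplified first-match evaluator and the rule set are assumptions made for illustration.

```python
import ipaddress


def parse_source(spec):
    """Parse an iptables-style source spec: '[! ]ADDR[/PREFIX]'.

    Returns (network, negated). Host bits are masked off, which is what
    iptables does when it stores the rule, so 192.168.1.100/24 and
    192.168.1.0/24 describe the same match.
    """
    negated = spec.startswith("!")
    addr = spec.lstrip("!").strip()
    return ipaddress.ip_network(addr, strict=False), negated


def source_matches(spec, src_ip):
    """True if a packet from src_ip satisfies the source spec."""
    network, negated = parse_source(spec)
    inside = ipaddress.ip_address(src_ip) in network
    return inside != negated  # a leading '!' inverts the result


def evaluate(rules, src_ip, dport, policy="ACCEPT"):
    """Simplified chain walk: first matching rule wins, else the policy."""
    for source, rule_dport, target in rules:
        if rule_dport == dport and source_matches(source, src_ip):
            return target
    return policy


# Constructed rule set modelled on the REJECT rule quoted in comment 3.
RULES = [("192.168.1.100/24", 22, "REJECT")]


def demo():
    """Verdict for SSH (port 22) from three constructed source addresses."""
    sources = ("192.168.1.100", "192.168.1.7", "192.168.2.7")
    return {ip: evaluate(RULES, ip, 22) for ip in sources}


if __name__ == "__main__":
    print(parse_source("192.168.1.100/24")[0])
    for ip, verdict in demo().items():
        print(ip, verdict)
```

A /24 written with a host address therefore covers the whole subnet; matching only the single host needs the bare address or a /32.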
