How to Block SSH and FTP Access to Specific IP and Network Range in Linux

Senthil Kumar

A Linux consultant living in India. He loves to write about Linux, open source, computers and the Internet. Apart from that, he'd like to review Internet tools and web services.


9 Responses

  1. Kumar says:


    This is a nice article for iptables. I’m using it to block access from countries that we do not do business with. Your readers could download the free list from and it is working fine using iptables.

  2. Jigs says:

    Hey, you have mentioned what to do to allow a few IP addresses or a range for FTP access. But before allowing them we have to block FTP entirely, and then I’ll keep adding IDs which I want to be allowed.
    So what will be the first step?

  3. ravinder says:

    I am not able to block on LAN (but in LAN a particular IP, and I don’t want to use a Squid server for this). I have two interfaces: eth0 is the WAN interface and eth1 is the LAN interface.

    My WAN IP
    LAN network :-

    I want to block on and rest able to access. How can I do this? I am using CentOS 6.7.

    • Ravi Saive says:


      You can block for a particular network IP address and allow the rest using iptables, as shown.

      # iptables -I FORWARD ! -s -m string --algo bm --string "" -j DROP
  4. Cherif says:

    With TCP Wrappers you don’t have to restart sshd or vsftpd.

  5. kishor says:

    # firewall-cmd --direct --add-rule ipv4 filter INPUT 1 -m tcp --source -p tcp --dport 22 -j REJECT <---- here can we put
    # iptables -I INPUT -s -p tcp --dport ssh -j ACCEPT <---- here can we put

  6. Ehsan says:

    Thanks for the tutorial. First of all, can’t we do it with a rich rule? I asked this question to many experts. I have an FTP server; around 30 users from across the world send some files to that server. Previously I used iptables and gave access to them, and later I denied all, and that works fine. My question is: in a firewalld rich rule or direct rule, do I need to add any deny rule after all the permit rules?

    I haven’t got any answer regarding it. Could you please tell me whether I need to, and if so, what the syntax would be?


  7. Mayuresh Mulye says:

    Very nice and simple article!

    Thanks!
