Protect Against Brute Force with ufw

By | 2011/08/08

ufw is the super easy firewall interface featured in Ubuntu and also the latest Debian.

One feature of ufw, somewhat like fail2ban, is built-in rate limiting to protect against brute force attacks.

While this could be used on any port, a common use is on port 22 to protect against ssh dictionary attacks or other poking.

To enable rate limiting on ssh, issue the following:

$ sudo ufw limit ssh

(PS: You can run this command even if you already have an ssh rule; it safely overwrites the current one.)

To view your current firewall configuration use:

$ sudo ufw status

user@li166-66:~$ sudo ufw status
[sudo] password for user: 
Status: active

To                         Action      From
--                         ------      ----
22                         LIMIT       Anywhere

This will deny connections from an IP address if it has attempted 6 or more connections (logins) in the last 30 seconds.

To the person trying to brute force, it will look similar to this:


And yes, you could also use this to rate limit POP, IMAP, or SMTP logins!
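One way to check that the LIMIT rule is really in place on each login port, added here as an example and not part of the original post: the function below parses `ufw status` output in the layout shown above. The function names, the constructed sample status text and the port list (22 ssh, 25 smtp, 110 pop3, 143 imap) are assumptions of this example, and it only understands numeric ports, not application profile names.

```shell
#!/bin/sh
# Constructed sample in the same layout as the `ufw status` output above.
sample_status() {
    cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22                         LIMIT       Anywhere
25/tcp                     ALLOW       Anywhere
143/tcp                    LIMIT       Anywhere
143/tcp (v6)               ALLOW       Anywhere (v6)
EOF
}

# audit_ufw_limit PORT...   (status text on stdin)
# Prints "<port> limited|not-limited|no-rule|firewall-inactive" for each port
# and returns non-zero unless every requested port is rate limited.
audit_ufw_limit() {
    awk -v ports="$*" '
    /^Status:/ { active = ($2 == "active") }
    # Rule rows begin with a port number, optionally followed by /tcp or /udp.
    $1 ~ /^[0-9]+(\/(tcp|udp))?$/ {
        port = $1; sub(/\/.*/, "", port)
        action = ($2 == "(v6)") ? $3 : $2   # skip the IPv6 marker column
        if (action == "LIMIT") limit[port] = 1
        if (action == "ALLOW") allow[port] = 1
    }
    END {
        n = split(ports, want, " ")
        for (i = 1; i <= n; i++) {
            p = want[i]
            if (!active)         state = "firewall-inactive"
            else if (p in allow) state = "not-limited"  # an ALLOW row (e.g. IPv6 only) is not rate limited
            else if (p in limit) state = "limited"
            else                 state = "no-rule"
            if (state != "limited") bad = 1
            print p, state
        }
        exit bad
    }'
}

# Demo on the constructed sample; on a live host use:
#   sudo ufw status | audit_ufw_limit 22 25 110 143
sample_status | audit_ufw_limit 22 25 143 110 || true
```

In the sample, port 143 is reported as not-limited because its IPv6 row is still a plain ALLOW.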


Thanks Aric