[BlueOnyx:26933] Re: Blocking SSH Access
Michael Stauber
mstauber at blueonyx.it
Sun Apr 21 04:21:01 -05 2024
Hi Colin,
> I have installed APF and Fail2ban but if I add any entries into the APF
> blacklist or whitelist they get overwritten by Fail2ban.
Fail2ban doesn't overwrite that.
> I have added the following entries into the APF glob_deny.rules
>
> # Block SSH Access
>
> tcp:in:d=22:s=0/0
>
> and in glob_allow.rules
>
> #Allow SSH
>
> tcp:in:d=22:s=93.89.130.113
>
> tcp:in:d=22:s=piltraque.jacoma.es
>
> That doesn’t seem to work! :-/
/etc/apf/glob_allow.rules isn't the right place to do this. That is a
rule-file that is downloaded from an external URL. See "Server
Management" / "Security" / "APF" and then in the "External
Resources"-tab expand "Own Remote Rules". There you could specify a URL
to a remote glob_allow.rules and glob_deny.rules file.
If the feature "Own Remote Rules" isn't enabled (which it usually
isn't), then /etc/apf/glob_allow.rules is wiped clean on each APF
restart. So that's why your changes didn't stick.
The one you're really looking for is this:
/etc/apf/allow_hosts.rules
Which you can also edit via the GUI in APF's "Whitelist"-tab.
To close the SSH port (except for specifically whitelisted IPs) go to
APF's "Ports" tab and remove port 22 from the list of open TCP ports and
save the changes.
That should do it.
--
With best regards
Michael Stauber
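
An added example, not part of the original post and not BlueOnyx or APF code: a shell check for the setup described above, confirming that port 22 is absent from the global open-port list and listing which sources in allow_hosts.rules can still reach SSH. It assumes the GUI's open TCP port list is stored as IG_TCP_CPORTS in conf.apf and that ranges are written low_high; the function names and sample addresses are constructed.

```shell
#!/bin/sh
# Added example: audit an APF setup for the SSH restriction described above.
# Assumption: the open TCP port list is stored as IG_TCP_CPORTS in conf.apf.

# Succeeds (exit 0) if port 22 is still globally open in the given conf.apf.
ssh_globally_open() {
    ports=$(sed -n 's/^IG_TCP_CPORTS="\(.*\)".*/\1/p' "$1" | tail -n 1)
    for p in $(printf '%s' "$ports" | tr ',' ' '); do
        case "$p" in
            22) return 0 ;;
            *_*)  # assumed range notation: low_high
                if [ "${p%_*}" -le 22 ] && [ "${p#*_}" -ge 22 ]; then return 0; fi ;;
        esac
    done
    return 1
}

# Prints every source in an allow_hosts.rules file that can reach SSH.
# IPv6 entries are not handled by this sketch.
ssh_whitelist() {
    awk '
        /^[ \t]*#/        { next }                                   # comment
        /^[ \t]*$/        { next }                                   # blank line
        /^tcp:in:d=22:s=/ { sub(/^tcp:in:d=22:s=/, ""); print; next } # port 22 only
        !/:/              { print }                                  # plain host: all ports
    ' "$1"
}

# Demo on constructed sample files (documentation addresses, not real hosts).
demo() {
    dir=$(mktemp -d) || return 1
    printf 'IG_TCP_CPORTS="25,80,443"\n' > "$dir/conf.apf"
    printf '# Allow SSH\ntcp:in:d=22:s=192.0.2.10\n198.51.100.7\ntcp:in:d=80:s=203.0.113.5\n' \
        > "$dir/allow_hosts.rules"
    if ssh_globally_open "$dir/conf.apf"; then
        echo "port 22 is open to everyone"
    else
        echo "port 22 closed globally; SSH allowed from:"
        ssh_whitelist "$dir/allow_hosts.rules"
    fi
    rm -rf "$dir"
}
demo
```

On a live server the two functions would be pointed at /etc/apf/conf.apf and /etc/apf/allow_hosts.rules after saving the GUI changes.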