APF Linux Firewall Open Port 22 From Specific / Selected IP Address Only

Author: Vivek Gite Last updated: June 9, 2008 2 comments

Q. I’ve CentOS Linux server configured with APF firewall. How do I open port 22 from specific IP address only? I’ve fix static ADSL IP address assgined and I’d like to open port 22 from my IP 202.5.1.3 only using APF firewall script. How do I configure firewall?

A. You need to edit two files:

a) /etc/apf/conf.apf – Main configuration file

b) /etc/apf/allow_hosts.rules – File to allow host wise configuration. You can set trust based rulesto grant access all or specific IP and port via the firewall.

APF Configuration

Open file /etc/apf/conf.apf, enter:
# vi /etc/apf/conf.apf
Find line that read as follows:
IG_TCP_CPORTS="20,21,22,25,53,80,110,143,443,3306"
ake sure you remove 22 from the list, so that it read as follows:
IG_TCP_CPORTS="20,21,25,53,80,110,143,443,3306"
Save and close the file. Now, open /etc/apf/allow_hosts.rules
# vi /etc/apf/allow_hosts.rules
Allow incomming SSH (TCP port # 22) traffic from your own ADSL connection only 202.5.1.3, append following text.
tcp:in:d=22:s=202.5.1.3
Save and close the file. Restart APF firewall:
# /etc/init.d/apf restart


🐧 Get the latest tutorials on Linux, Open Source & DevOps via RSS feed or Weekly email newsletter.

🐧 2 comments so far... add one


Related Tutorials
CategoryList of Unix and Linux commands
Disk space analyzersdf duf ncdu pydf
File Managementcat cp mkdir tree
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Modern utilitiesbat exa
Network UtilitiesNetHogs dig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg glances gtop jobs killall kill pidof pstree pwdx time vtop
Searchingag grep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
2 comments… add one
  • Anymous Sep 2, 2009 @ 4:41

    thanks for the ip adress will hack it soon

    Reply Link
  • LuZiFeR Nov 14, 2010 @ 10:40

    Yeah :D Also you could start scanning ‘0.0.0.0 – 255.255.255.255’ ;D

    Reply Link

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre> for code samples. Still have questions? Post it on our forum

Next FAQ:

Previous FAQ:

FEATURED ARTICLES

Sign up for my newsletter