How to open ssh port using ufw on Ubuntu/Debian Linux

Last updated May 12, 2017

How do I allow incoming SSH connections from a specific IP address or subnet on an Ubuntu or Debian Linux server using ufw?

UFW is an acronym for uncomplicated firewall. It is a frontend to iptables that manages the Linux firewall and aims to provide an easy-to-use interface. In this tutorial, you will learn how to use UFW to open incoming SSH connections on an Ubuntu Linux 16.04 LTS or Debian Linux server.
Fig.01: Allow Incoming SSH from Specific IP Address or Subnet

Open incoming SSH port for all

The syntax is:
$ sudo ufw allow ssh
OR
$ sudo ufw allow 22/tcp
OR (add the comment)
$ sudo ufw allow 22/tcp comment 'Open port ssh tcp port 22'
If you are running ssh on TCP port 2222, enter:
$ sudo ufw allow 2222/tcp

How to allow incoming SSH from specific IP address

The syntax is:
$ sudo ufw allow from {IP_ADDRESS_HERE} to any port 22
To allow incoming SSH connections from a specific IP address named 202.54.1.1, enter:
$ sudo ufw allow from 202.54.1.1 to any port 22

How to allow incoming SSH from specific subnets

The syntax is:
$ sudo ufw allow from {IP_SUB/net} to any port 22
OR
$ sudo ufw allow from {IP_SUB/net} to any port 22 proto tcp
OR
$ sudo ufw allow from {IP_SUB/net} to {ssh-server-ip-address} port 22 proto tcp
To allow incoming SSH connections from a specific IP subnet named 202.54.1.1/29, enter:
$ sudo ufw allow from 202.54.1.1/29 to any port 22
To allow incoming SSH connections from a specific IP subnet named 10.8.0.0/24 to 10.8.0.1 and tcp port 22, enter:
$ sudo ufw allow from 10.8.0.0/24 to 10.8.0.1 port 22 proto tcp

Limit incoming SSH port for all

Open incoming SSH but deny connections from an IP address that has attempted to initiate 6 or more connections in the last 30 seconds. The syntax is:
$ sudo ufw limit ssh
OR
$ sudo ufw limit 22/tcp

How to check the status of ufw

The syntax is:
$ sudo ufw status
Sample outputs:

Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere                  
72.14.190.12 443/tcp       ALLOW       Anywhere                  
72.14.190.12 80/tcp        ALLOW       Anywhere                  

If ufw is not enabled, the output would be:

$ sudo ufw status
Status: inactive

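To turn on UFW with the default set of rules, including the open SSH port, enter the commands below. Add the SSH rule before enabling the firewall: the default policy denies incoming connections, so a server enabled without that rule will refuse new SSH connections.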
$ sudo ufw enable
$ sudo ufw status verbose
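
The three kinds of SSH rule covered above (open to all, restricted to a source, rate limited) can be told apart by parsing the `ufw status` output. The script below is an added example, not part of the original tutorial: the function name `audit_ssh_rules`, its verdict labels and the sample status text are constructed for illustration, and it matches rules by port number only.

```shell
# audit_ssh_rules [PORT]: read `ufw status` text on stdin, print one verdict
# per rule for PORT: OPEN, LIMITED, RESTRICTED (named source) or BLOCKED.
# Exit status: 0 = fine, 1 = at least one OPEN rule, 2 = firewall inactive.
audit_ssh_rules() {
    awk -v port="${1:-22}" '
    $1 == "Status:" && $2 == "inactive" { print "INACTIVE"; rc = 2; next }
    {
        # Rule lines carry an action keyword; header lines do not.
        act = 0
        for (i = 1; i <= NF; i++)
            if ($i ~ /^(ALLOW|LIMIT|DENY|REJECT)$/) { act = i; break }
        if (!act) next
        # The "To" column (before the action) may hold "IP PORT/proto (v6)".
        hit = 0
        for (i = 1; i < act; i++)
            if ($i == port || $i == (port "/tcp")) hit = 1
        if (!hit) next
        # The "From" column follows; drop IN/OUT and any "# comment".
        from = ""
        for (i = act + 1; i <= NF; i++) {
            if (from == "" && $i ~ /^(IN|OUT)$/) continue
            if ($i ~ /^#/) break
            from = from (from == "" ? "" : " ") $i
        }
        if ($act == "LIMIT") verdict = "LIMITED"
        else if ($act != "ALLOW") verdict = "BLOCKED"
        else if (from ~ /^Anywhere/) { verdict = "OPEN"; if (rc < 1) rc = 1 }
        else verdict = "RESTRICTED"
        print verdict, from
    }
    END { exit rc + 0 }'
}

# Constructed sample in the layout of `sudo ufw status` (not real output).
sample_status() {
    cat <<'EOF'
Status: active
To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere                   # Open port ssh tcp port 22
10.8.0.1 22/tcp            ALLOW       10.8.0.0/24
2222/tcp                   LIMIT       Anywhere
443/tcp                    ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
EOF
}

sample_status | audit_ssh_rules 22 || echo "exit status: $?"
```

On a live server the input would come from `sudo ufw status | audit_ssh_rules 22` instead of the sample.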

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin and a trainer for the Linux operating system/Unix shell scripting. He has worked with global clients and in various industries, including IT, education, defense and space research, and the nonprofit sector.