How to open ssh port using ufw on Ubuntu/Debian Linux

Posted on in Categories , , , last updated February 12, 2017

How do I allow incoming SSH connections from a specific IP address or subnet on a Ubuntu or Debian Linux server using ufw?

UFW is an acronym for uncomplicated firewall. It is used for managing a Linux firewall and aims to provide an easy to use interface for the user. In this tutorial, you will learn how to use UFW a frontend to iptables for opening incoming SSH connection on Ubuntu Linux 16.04 LTS or Debian Linux server.
Fig.01: Allow Incoming SSH from Specific IP Address or Subnet
Fig.01: Allow Incoming SSH from Specific IP Address or Subnet

Open incoming SSH port for all

The syntax is:
sudo ufw allow ssh
OR
$ sudo ufw allow 22/tcp
If you are running ssh on TCP port # 2222, enter:
$ sudo ufw allow 2222/tcp

How to allow incoming SSH from specific IP address

The syntax is:
$ sudo ufw allow from {IP_ADDRESS_HERE} to any port 22
To allow incoming SSH connections from a specific IP address named 202.54.1.1, enter:
$ sudo ufw allow from 202.54.1.1 to any port 22

How to allow incoming SSH from specific subnets

The syntax is:
$ sudo ufw allow from {IP_SUB/net} to any port 22
To allow incoming SSH connections from a specific IP subnet named 202.54.1.1/29, enter:
$ sudo ufw allow from 202.54.1.1/29 to any port 22

Limit incoming SSH port for all

Open incoming SSH but deny connections from an IP address that has attempted to initiate 6 or more connections in the last 30 seconds. The syntax is:
$ sudo ufw limit ssh
OR
$ sudo ufw limit 22/tcp

How to check the status of ufw

The syntax is:
$ sudo ufw status
Sample outputs:

Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere                  
72.14.190.12 443/tcp       ALLOW       Anywhere                  
72.14.190.12 80/tcp        ALLOW       Anywhere                  

if ufw was not enabled the output would be:

sudo ufw status
Status: inactive

To turn on UFW on with the default set of rules including open SSH port, enter:
$ sudo ufw enable
$ sudo ufw status verbose

Leave a Comment