Home > Ubuntu > Server or Desktop administration > Ubuntu Geo-Restricted SSH Access

Step 1: Install the ipset package

 
sudo apt install ipset 

Step 2: Download India IP ranges

 
wget https://www.ipdeny.com/ipblocks/data/countries/in.zone -O /tmp/in.zone 

Step 3: Create an ipset for India

 
sudo ipset create india hash:net 

Step 4: Add IP ranges into the ipset

 
while read ip; do sudo ipset add india $ip; done < /tmp/in.zone 

Step 5: Verify current iptables rules

 
iptables -L INPUT --line-numbers 

Step 6: Add iptables rules for SSH restriction

 
sudo iptables -A INPUT -p tcp --dport 22 -m set --match-set india src -j ACCEPT 
sudo iptables -A INPUT -p tcp --dport 22 -j REJECT 

Step 7: Save iptables rules

 
sudo netfilter-persistent save 

Step 8: Create rc.local for ipset persistence

 
sudo vim /etc/rc.local 

Insert the following lines in /etc/rc.local:

 
#!/bin/bash 
ipset restore < /etc/ipset.conf exit 0 

Make the file executable:

 
sudo chmod +x /etc/rc.local 

Step 9: Save ipset and iptables to files

 
sudo sh -c "ipset save > /etc/ipset.conf" 
sudo sh -c "iptables-save > /etc/iptables/rules.v4" 

Home > Ubuntu > Server or Desktop administration > Ubuntu Geo-Restricted SSH Access