Ubuntu Geo-Restricted SSH Access

Step 1: Install the ipset package

 
sudo apt install ipset 

Step 2: Download India IP ranges

 
wget https://www.ipdeny.com/ipblocks/data/countries/in.zone -O /tmp/in.zone 

Step 3: Create an ipset for India

 
sudo ipset create india hash:net 

Step 4: Add IP ranges into the ipset

 
while read -r ip; do sudo ipset add india "$ip"; done < /tmp/in.zone

Step 5: Verify current iptables rules

 
sudo iptables -L INPUT --line-numbers

Step 6: Add iptables rules for SSH restriction

 
sudo iptables -A INPUT -p tcp --dport 22 -m set --match-set india src -j ACCEPT 
sudo iptables -A INPUT -p tcp --dport 22 -j REJECT 

Step 7: Save iptables rules

 
sudo netfilter-persistent save 

Step 8: Create rc.local for ipset persistence

 
sudo vim /etc/rc.local 

Insert the following lines in /etc/rc.local:

 
#!/bin/bash 
ipset restore < /etc/ipset.conf
exit 0

Make the file executable:

 
sudo chmod +x /etc/rc.local 

Step 9: Save ipset and iptables to files

 
sudo sh -c "ipset save > /etc/ipset.conf" 
sudo sh -c "iptables-save > /etc/iptables/rules.v4" 
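
The loop in Step 4 passes every downloaded line to `ipset add` as root without checking it. The following is an added example, not part of the original page: it keeps only well-formed IPv4 CIDR lines from the zone file of Step 2 and prints `ipset restore` input that fills a temporary set and swaps it into `india`. The function names `is_cidr4` and `zone_to_restore` and the temporary set name `india-new` are assumptions made for this example.

```shell
#!/bin/sh
# Added example: build `ipset restore` input from a zone file, keeping only
# well-formed IPv4 CIDR entries. Set name "india" follows the steps above.

# is_cidr4 STRING: succeed only for a.b.c.d/len with octets 0-255, len 1-32.
# A /0 prefix is refused: in an allow-list it would match every source.
is_cidr4() {
    case $1 in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; len=${1##*/}
    case $len in ''|???*|*[!0-9]*) return 1 ;; esac
    [ "$len" -ge 1 ] && [ "$len" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# zone_to_restore SET < zonefile: print commands that fill SET-new, swap it
# into SET and drop the temporary set. Prints nothing and returns 1 when no
# valid range was read, so a failed download never empties the allow-list.
zone_to_restore() {
    set_name=$1; adds=''; good=0; bad=0
    while IFS= read -r entry || [ -n "$entry" ]; do
        case $entry in ''|'#'*) continue ;; esac
        if is_cidr4 "$entry"; then
            adds="${adds}add ${set_name}-new ${entry}
"
            good=$((good + 1))
        else
            bad=$((bad + 1))
        fi
    done
    echo "zone_to_restore: $good accepted, $bad rejected" >&2
    [ "$good" -gt 0 ] || return 1
    printf 'create %s hash:net\ncreate %s-new hash:net\nflush %s-new\n' \
        "$set_name" "$set_name" "$set_name"
    printf '%s' "$adds"
    printf 'swap %s-new %s\ndestroy %s-new\n' "$set_name" "$set_name" "$set_name"
}

# Constructed sample input: documentation ranges plus two malformed lines.
zone_to_restore india <<'EOF'
192.0.2.0/24
198.51.100.0/24
203.0.113.0/33
not-a-range
EOF
```

To load the real list, run `zone_to_restore india < /tmp/in.zone | sudo ipset -exist restore`; the `-exist` option lets the `create india` line pass when the set from Step 3 is already present. Because the new ranges go live through a single `swap`, the rule from Step 6 never matches against a half-filled set.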

