This is probably a hacky way to go about things, but if I don't write it down, I know I'll have forgotten it by the time maintenance comes around in 2033…

TL;DR: use ufw but ensure you can access ssh.



ufw - Uncomplicated Firewall

Although when I'm maintaining a machine directly I'm likely doing it through AWS, and AWS does also have IP level security, it (AWS) is a pain to navigate and I often get lost. Plus, knowing ufw is useful away from AWS.

ufw is a firewall tool that (in my case) was disabled by default, and when enabled, denies all incoming traffic - including my own SSH connections.

So, this is a short primer (and reminder) for future me.

$ sudo ufw status # expecting "disabled"
$ sudo ufw allow ssh # let us back in using SSH
$ sudo ufw allow https # because I'm usually running a server
$ sudo ufw enable

Now test, importantly without closing the current connection.

This puts the firewall in place. Now if I want to block an individual IP address:

$ sudo ufw deny from <ip-address> to any

Now any requests from <ip-address> are discarded at the network level, allowing my resources to happily continue without wasting resources on a client that's been configured to automatically request from my machine multiple times a second with the wrong API key…
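ufw evaluates rules in order and the first match wins, so a deny that is appended after `allow ssh` and `allow https` does not stop that address reaching those ports. The check below is an added example, not part of the original post; it assumes IPv4 and the column layout of `ufw status numbered`, and the function names, addresses and sample output are constructed.

```shell
#!/bin/sh
# Added example. Reads `ufw status numbered` output on stdin and reports whether
# a blanket deny for IPv4 address $1 sits below allow rules that match first.
# Exit status: 0 = deny is shadowed, 1 = deny wins, 2 = no such deny rule.
deny_is_shadowed() {
    awk -v ip="$1" '
    /^\[/ {
        sub(/^\[ *[0-9]+\] */, "")            # drop the "[ N]" rule index
        act = 0
        for (i = 1; i <= NF; i++)
            if ($i ~ /^(ALLOW|LIMIT|DENY|REJECT)$/) { act = i; break }
        if (!act || $(act + 1) != "IN") next  # only incoming rules matter here
        to = $1; from = $(act + 2); v6 = ($NF == "(v6)")
        if ($act ~ /^(ALLOW|LIMIT)$/ && from == "Anywhere" && !v6)
            earlier = earlier " " to          # IPv4 allow that is matched first
        if ($act ~ /^(DENY|REJECT)$/ && from == ip && to == "Anywhere") {
            found = 1
            if (earlier != "") { print "still reachable:" earlier; shadowed = 1 }
            exit
        }
    }
    END { exit (shadowed ? 0 : (found ? 1 : 2)) }'
}

# Constructed sample: rule order after this page's commands (deny appended last).
sample_appended() { cat <<'EOF'
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 443                        ALLOW IN    Anywhere
[ 3] Anywhere                   DENY IN     203.0.113.7
EOF
}

# Constructed sample: the deny placed first, e.g. with `ufw insert 1 deny from ...`.
sample_inserted() { cat <<'EOF'
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] Anywhere                   DENY IN     203.0.113.7
[ 2] 22/tcp                     ALLOW IN    Anywhere
[ 3] 443                        ALLOW IN    Anywhere
EOF
}

sample_appended | deny_is_shadowed 203.0.113.7   # prints: still reachable: 22/tcp 443
```

On a live host, pipe `sudo ufw status numbered` into `deny_is_shadowed <ip-address>`. If it reports shadowing, `sudo ufw insert 1 deny from <ip-address> to any` places the deny ahead of the allow rules.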

Fair warning

As I mentioned, this feels like a bit of a fast and loose approach, and this wouldn't get me a job as head of Ops in Big Corp. But it works for me. Your mileage may vary!