This is probably a hacky way to go about things, but if I don't write it down, I know I'll have forgotten it by the time maintenance comes around in 2033…
ufw but ensure you can access ssh.
READER DISCOUNTSave $50 on terminal.training
I've published 38 videos for new developers, designers, UX, UI, product owners and anyone who needs to conquer the command line today.
ufw - Uncomplicated Firewall
Although when I'm maintaining a machine directly I'm likely doing it through AWS, and AWS does also have IP level security, it (AWS) is a pain to navigate and I often get lost. Plus, knowing
ufw is useful away from AWS.
ufw is a firewall tool that (in my case) was disabled by default, and when enabled, denies all incoming traffic - including my own SSH connections.
So, this is a short primer (and reminder) for future me.
$ sudo ufw status # expecting "disabled" $ sudo ufw allow ssh # let us back in using SSH $ sudo ufw allow https # because I'm usually running a server $ sudo ufw enable
Now test, importantly without closing the current connection.
This puts the firewall in place. Now if I want to block an individual IP address:
$ sudo ufw deny from 220.127.116.11 to any
Now any requests from
18.104.22.168 are discarded at the network level, allowing my resources to happily continue without wasting resources on a client that's been configured to automatically request from my machine multiple times a second with the wrong API key…
As I mentioned, this feels like a bit of a fast and lose approach, and this wouldn't get me a job as head of Ops in Big Corp. But it works for me. Your mileage may vary!