Limit SSH Connections with UFW on Ubuntu

This article provides a quick guide on how to configure the Uncomplicated Firewall (UFW) on Ubuntu Linux to limit the rate of incoming SSH connections. Implementing this configuration helps secure your server against brute-force login attempts by automatically restricting IP addresses that make excessive connection requests.

Step 1: Check UFW Status

Before applying any rules, check if UFW is installed and running on your system. Run the following command in your terminal:

sudo ufw status

If UFW is inactive, you can proceed with the configuration, but you will need to enable the firewall at the end of the process.

Step 2: Apply the SSH Rate Limit Rule

UFW has a built-in limit command. It is well suited to SSH: connections are still allowed, but UFW denies access from an IP address that attempts to initiate 6 or more connections within 30 seconds.

To apply this rule to the default SSH port (port 22), run:

sudo ufw limit ssh

If you are running SSH on a custom port (for example, port 2222), specify the port and protocol instead:

sudo ufw limit 2222/tcp

Step 3: Enable the Firewall

If UFW was not previously enabled, turn it on now to apply the rules.

Note: If you are connected via SSH, enabling the firewall with the limit rule active will not disconnect your current session.

sudo ufw enable

Confirm the action by pressing y when prompted.

Step 4: Verify the Configuration

To ensure the rate-limiting rule is correctly applied and active, check the status of UFW again:

sudo ufw status verbose

In the output, you should see a rule similar to this:

To                         Action      From
--                         ------      ----
22/tcp (SSH)               LIMIT       Anywhere

This confirms that UFW is actively monitoring and limiting incoming SSH connections to protect your Ubuntu server from brute-force attacks.
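To see what the Step 2 threshold means for individual connection attempts, the following added example (not part of the original article and not UFW's own code) replays a constructed list of attempts through a model of the "6 or more connections within 30 seconds" rule. The function names, the "epoch-seconds source-ip" input format, and the choice to count denied attempts toward the window are assumptions of this sketch.

```bash
#!/usr/bin/env bash
# Added example: model of the "6 or more connections within 30 seconds" rule.
# Input lines: "<epoch-seconds> <source-ip>", sorted by time (constructed format).
# Assumption: every attempt counts toward the window, including denied ones.

WINDOW=30   # seconds, from the rule described in Step 2
HITS=6      # attempts within WINDOW at which the source is denied

# Print "<time> <ip> ALLOW|DENY" for each attempt read from stdin.
simulate_limit() {
  awk -v win="$WINDOW" -v hits="$HITS" '
    NF == 2 {
      t = $1; ip = $2
      n[ip]++                       # record this attempt
      stamp[ip, n[ip]] = t
      # move the window start past attempts that are win seconds old or older
      if (!(ip in first)) first[ip] = 1
      while (t - stamp[ip, first[ip]] >= win) first[ip]++
      recent = n[ip] - first[ip] + 1
      print t, ip, (recent >= hits ? "DENY" : "ALLOW")
    }'
}

# Summarise stdin: one "<ip> <denied-count>" line per source that was denied.
denied_per_source() {
  simulate_limit |
    awk '$3 == "DENY" { d[$2]++ } END { for (ip in d) print ip, d[ip] }' | sort
}

# Constructed sample: 203.0.113.7 opens 8 connections in 14 seconds,
# 198.51.100.20 opens 3 connections spread over 40 seconds.
sample_attempts() {
  cat <<'EOF'
1000 203.0.113.7
1002 203.0.113.7
1004 203.0.113.7
1005 198.51.100.20
1006 203.0.113.7
1008 203.0.113.7
1010 203.0.113.7
1012 203.0.113.7
1014 203.0.113.7
1025 198.51.100.20
1045 198.51.100.20
EOF
}

sample_attempts | simulate_limit
```

In the sample, the first five attempts from 203.0.113.7 are allowed and the sixth through eighth are denied, while 198.51.100.20 is never limited.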