2024-03-29

Restricting SSH connections

Increasing your system’s security by limiting SSH access to a single, specified machine (in this example, one within your Local Area Network (LAN)) is always a good strategic approach. This method focuses on configuring firewall rules so that only the designated device can connect.

Determine the Permitted Laptop’s IP Address

First, identify the IP address of the machine that will be allowed to SSH into your system. On Fedora or macOS, this can typically be found in the network settings or by running the ip addr command in a terminal.

Suppose the allowed laptop’s IP address is 192.168.1.5.

Configuring the Firewall with firewalld

Fedora uses firewalld for firewall management, allowing you to define precise access control rules:

  1. Implement a Rich Rule: Add a firewall rule that permits SSH connections only from your specified IP address by executing:

    sudo firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.1.5" service name="ssh" accept'

    This command creates a permanent rule in the public zone, authorizing SSH connections exclusively from the IP address 192.168.1.5.

  2. Reload the Firewall: To activate your configuration, reload the firewall:

    sudo firewall-cmd --reload

Verify Your Firewall Configuration

Ensure your settings are correctly applied by listing all active rules:

sudo firewall-cmd --list-rich-rules --zone=public

This command will display the rich rules within the public zone, including your SSH connection restriction.
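As an added example (not code from the original post), the following POSIX shell script builds the rich rule for a permitted address and checks a zone dump, such as the text printed by firewall-cmd --list-all --zone=public, for two things: that the rich rule is present and that the generic ssh service is no longer enabled for the whole zone, since on a default Fedora install the public zone already allows ssh from any source. The two zone dumps embedded below are constructed, not captured from a real system.

```shell
# Added example, not code from the original post: build the firewalld rich
# rule for one permitted source and check a zone dump for the restriction.
# Assumes POSIX sh; the two zone dumps below are constructed, not captured.
# Build the rich rule for a single IPv4 source, rejecting malformed input so
# a typo is caught before it ever reaches firewall-cmd.
ssh_rich_rule() {
    ip="$1"
    case "$ip" in
        *[!0-9.]*|'') return 1 ;;
    esac
    set -- $(printf '%s' "$ip" | tr '.' ' ')   # split into octets
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "$o" -le 255 ] 2>/dev/null || return 1
    done
    printf 'rule family="ipv4" source address="%s" service name="ssh" accept' "$ip"
}

# Read a zone dump (what `firewall-cmd --list-all --zone=public` prints) on
# stdin and report whether SSH is really limited to $1: the rich rule must be
# present AND the generic "ssh" service must be absent from the zone's service
# list, otherwise every source in the zone still reaches sshd and the rich
# rule only adds a second accept. Returns 0 only when restricted.
check_ssh_restricted() {
    ip="$1"
    dump=$(cat)
    rule=$(ssh_rich_rule "$ip") || { echo "bad IP: $ip"; return 2; }
    if ! printf '%s\n' "$dump" | grep -qF "$rule"; then
        echo "rich rule for $ip missing"; return 1
    fi
    if printf '%s\n' "$dump" | grep '^[[:space:]]*services:' | grep -qw ssh; then
        echo "ssh service still enabled zone-wide; also run:"
        echo "  sudo firewall-cmd --permanent --zone=public --remove-service=ssh"
        return 1
    fi
    echo "SSH restricted to $ip"
}

# Constructed sample dumps: Fedora's public zone ships with ssh enabled, so
# adding the rich rule alone (first dump) leaves SSH open to the whole zone.
DUMP_DEFAULT='public (active)
  services: dhcpv6-client ssh
  rich rules:
    rule family="ipv4" source address="192.168.1.5" service name="ssh" accept'
DUMP_HARDENED='public (active)
  services: dhcpv6-client
  rich rules:
    rule family="ipv4" source address="192.168.1.5" service name="ssh" accept'
printf '%s\n' "$DUMP_DEFAULT" | check_ssh_restricted 192.168.1.5 || true   # still open
printf '%s\n' "$DUMP_HARDENED" | check_ssh_restricted 192.168.1.5          # restricted
```

On a live system, pipe the real output of sudo firewall-cmd --list-all --zone=public into check_ssh_restricted instead of the constructed dumps.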

Important Considerations