When setting up a new Linux server, one of the first tasks for any system administrator is to configure the firewall. Usually, this involves allowing access to essential services, such as SSH (Port 22), so we can manage it remotely. The standard command for this is sudo ufw allow ssh.
But there’s a silent problem with this approach: by simply allowing access, you leave the gate open for anyone on the internet to try to connect, as many times as they want.
This makes your server an easy target for brute-force attacks, where automated bots try to guess your password thousands of times per minute.
Fortunately, there is a much smarter and more secure way to configure your firewall with a single word.
In this tutorial, we will teach you how to use the UFW limit rule to mitigate this risk proactively and effectively.
What is a Brute-Force Attack?
Imagine a burglar trying to break into your house by testing, one by one, every possible key in your lock. A brute-force attack is the digital version of that.
Automated scripts try to log into your servers, such as SSH, FTP, or telnet, using millions of username and password combinations, hoping one of them will work.
Without proper protection, your server is vulnerable, and its CPU resources are wasted responding to these attempts.
The Smart Solution: Understanding ufw limit
Instead of simply using allow, we can use limit. What does this magic command do?
sudo ufw limit sshIn the command above, we are applying ufw limit for SSH.
This command allows connections, but with a smart condition: if the same IP address tries to establish 6 or more connections within a 30-second period, UFW will deny any new connections from that IP.
In other words, it acts like a security guard who notices suspicious behavior and blocks entry.
For a legitimate user who mistypes the password once or twice, nothing happens.
For a brute-force bot, which fires off dozens of attempts in seconds, the door is slammed shut.
Step-by-Step Tutorial: Implementing the limit Rule
Let’s apply this layer of security to your server.
It is important to note that here we are assuming a practical example in which you have previously allowed access to the SSH server. An example of how this could be done is with the command below.
sudo ufw allow ssh
Step 1: Checking the Current Firewall Status
First, let’s see which rules are already active.
sudo ufw status
You will probably see an output like this, showing that SSH is allowed (ALLOW).
Step 2: Applying the New limit Rule
Now, let’s add our limiting rule. You can use the service name (OpenSSH) or the port number (22).
sudo ufw limit OpenSSH
Or you can use the rule by the port that OpenSSH originally uses.
sudo ufw limit 22/tcp
The firewall will respond that the rule has been added.
Step 3: Verifying the Result
Run the status command again to confirm the change.
sudo ufw status
Or we can see the result below.
The output should now show the new limit rule, ensuring your protection is active.
Optional) Step 4: Removing the Old Rule
To keep your firewall clean, you can delete the original ALLOW rule, since LIMIT replaces it more securely.
In this case, we would be eliminating any permission rule for TCP port 22, which is the original port for OpenSSH.
sudo ufw delete allow 22/tcpIn most cases, using ufw limit will replace the ufw allow rules. The difference occurs when we create rules for ports and not for services.
This is because you might have a service, like OpenSSH, running on another port that you have defined.
Conclusion: A Simple and Powerful Layer of Defense
A server’s security is built in layers, and the ufw limit rule is one of the easiest layers with the highest return on investment that you can implement.
With a single command, you mitigate one of the most common and noisy attack vectors on the internet, freeing up your server’s resources and allowing you to sleep a little more soundly.
See more:
How to Scan for Rootkits and Malware on Linux Servers with chkrootkit
AIDE : IDS for Linux Ubuntu Installation and Configuration
Why use Kali Linux inside VirtualBox?
How to Install Kali Linux on VirtualBox: Step-by-Step Guide for Beginners
Tutorial: How to use WHOIS and RDAP
https://help.ubuntu.com/community/UFW
Juliana Mascarenhas
Data Scientist and Master in Computer Modeling by LNCC.
Computer Engineer
5 Obsolete Kali Linux Tools and Their Modern Replacements
Kali Linux is the standard Swiss Army knife for any cybersecurity professional. Its repository is…
Maverick Malware: Why the WhatsApp (.ZIP) Scam Only Works on a PC
In recent weeks, this new banking trojan (malware focused on stealing bank data) has exploded…
URGENT ACTION: Critical WSUS Flaw (CVE-2025-59287) Actively Exploited (CVSS 9.8). Patch Now!
If you are a Windows systems administrator or manage a company’s IT infrastructure, stop what…
Configure VirtualBox NAT Network: VM Communication and Internet Access Guide
Do you need your virtual machines (VMs) in VirtualBox to communicate with each other, but…
The ClickFix Attack: How “Copy & Paste” Leads to Remote Code Execution (RCE)
Today, we’re going to dive into an attack tactic that, despite its simplicity and reliance…
Monitor Your Router with Zabbix: The Definitive ICMP Ping Guide
Your internet is down… again. Was it the provider? Did the router crash? Or did…
