The original post: /r/ubuntu by /u/Pristine_Rise3181 on 2024-11-13 17:55:14.
Hi-
I have a subnet (A) with several Ubuntu servers running SSH service.
I’d like to be able to permit SSH access to these servers *only* from another subnet (B), which is separated from subnet A by a firewall.
The firewall will drop any SSH traffic other than from subnet B, however the Ubuntu servers on subnet A will still be able to communicate directly with each other without traversing the firewall.
I want to be able to block these Ubuntu subnet A servers from being able to SSH to each other.
I know that some advanced switches are able to do this, but I believe the switch these servers connect to is not even managed, so don’t think this will be an option.
Is it possible to block SSH traffic within the subnet using the Ubuntu servers themselves, e.g. iptables, nftables, or something else?
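A host-level way to enforce what the post describes, as an added example that is not part of the original post: a shell function that renders an nftables ruleset accepting SSH only from subnet B and dropping it from every other source, same-subnet peers included. The function names, the table name `ssh_guard`, and the 198.51.100.0/24 range are assumptions; substitute the real subnet B CIDR.

```shell
#!/bin/sh
# Added example (not from the original post). Names and addresses are
# hypothetical placeholders; 198.51.100.0/24 stands in for subnet B.

# is_cidr4 CIDR -> exit 0 only for a.b.c.d/len with octets <= 255, len <= 32.
# Guards against pasting anything but a plain CIDR into the ruleset.
is_cidr4() {
    printf '%s\n' "$1" | awk -F'[./]' '
        NF != 5 { exit 1 }
        { for (i = 1; i <= 5; i++) if ($i !~ /^[0-9]+$/) exit 1
          for (i = 1; i <= 4; i++) if ($i > 255) exit 1
          if ($5 > 32) exit 1 }'
}

# render_ssh_ruleset ADMIN_CIDR [SSH_PORT] -> nftables ruleset on stdout
render_ssh_ruleset() {
    admin=$1
    port=${2:-22}
    is_cidr4 "$admin" || { echo "bad CIDR: $admin" >&2; return 1; }
    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    cat <<EOF
# Create-then-delete makes reloading this file idempotent.
table inet ssh_guard
delete table inet ssh_guard
table inet ssh_guard {
    chain input {
        type filter hook input priority 0; policy accept;
        # Subnet B (reached through the firewall) may connect to sshd.
        ip saddr $admin tcp dport $port accept
        # Any other source is dropped: same-subnet peers and all IPv6.
        tcp dport $port drop
    }
}
EOF
}

# Typical use on each subnet A server (syntax check first, then load):
#   render_ssh_ruleset 198.51.100.0/24 | sudo nft -c -f -
#   render_ssh_ruleset 198.51.100.0/24 | sudo nft -f -
```

The rules match on the source address the server actually sees, so if the firewall source-NATs traffic from subnet B, the accepted range has to be the firewall's translated address instead. Keep a console or an existing session open while loading, since a wrong CIDR locks out SSH.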