Friday 9 January 2009

Block ssh connection by IP

The subject is rather lame, as blocking ssh by source IP is really a last resort. But sometimes it can be handy.

  • Modify sshd_config
    Just add in /etc/ssh/sshd_config

    AllowUsers *@192.168.1.1

    People not connecting from 192.168.1.1 will still be prompted for username and password, but they can try forever, as no credentials will be accepted.

  • Use TCP wrappers (hosts.allow / hosts.deny)
    Add in /etc/hosts.deny:

    sshd: ALL

    and in /etc/hosts.allow:

    sshd: 192.168.1.1

    People outside 192.168.1.1 receive "ssh_exchange_identification: Connection closed by remote host", while nmap still reports port 22 as "open" (the TCP handshake completes before sshd drops the connection).

  • Use iptables
    Add to the INPUT chain, with a default deny policy, something like:

    iptables -A INPUT -p tcp -m tcp -s 192.168.1.1/32 --dport 22 --syn -j ACCEPT

    People outside 192.168.1.1 will have their connection hang, and nmap reports port 22 as "filtered".
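To make the AllowUsers behaviour from the first option concrete, here is an added example (not code from the original post or from OpenSSH) that emulates sshd's AllowUsers decision for a login attempt: an entry without "@" restricts only the user name, USER@HOST restricts both, and a host part written in CIDR form is also accepted, as current sshd documents. It assumes the hypothetical names user_allowed and _host_matches.

```python
import ipaddress
import re


def _wild(value, pattern):
    # sshd patterns know only the * and ? wildcards; everything else is literal.
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(rx, value) is not None


def _host_matches(host, pattern):
    """Match the HOST part of an AllowUsers entry (hypothetical helper).

    A pattern containing '/' is treated as a CIDR block; a wildcard pattern
    is matched against the address or host name as given.
    """
    if "/" in pattern:
        try:
            return ipaddress.ip_address(host) in ipaddress.ip_network(pattern, strict=False)
        except ValueError:
            return False  # host is a name, not an address: a CIDR entry cannot match it
    return _wild(host, pattern)


def user_allowed(user, host, allow_users):
    """Emulate sshd's AllowUsers decision (hypothetical name).

    With no AllowUsers directive every user passes; otherwise the login is
    allowed only if at least one entry matches. Note that a rejected source
    is still prompted for credentials, exactly as the post observes: the
    check only guarantees that no password will ever be accepted.
    """
    if not allow_users:
        return True
    for entry in allow_users:
        if "@" in entry:
            user_pat, host_pat = entry.split("@", 1)
        else:
            user_pat, host_pat = entry, "*"
        if _wild(user, user_pat) and _host_matches(host, host_pat):
            return True
    return False


if __name__ == "__main__":
    # Constructed sample attempts against the directive used in the post.
    directive = ["*@192.168.1.1"]
    for attempt in [("alice", "192.168.1.1"), ("alice", "10.0.0.5")]:
        print(attempt, "->", "allowed" if user_allowed(*attempt, directive) else "denied")
```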

