I want to restrict SSH connections to my server to a country only. I tried GeoIP and Ipfilter without success (Location of authpriv.notice logs on Bitnami). Another solution would be to configure a rule on Cloudflare, which is the DNS for my server, to block all SSH connections from a different country. Looking at the Cloudflare rules, it does not seem to be a standard option: the closest options seem to be Referer, Request method, and HTTP version. And yet, Cloudflare has a post from 3 years ago mentioning SSH access through Cloudflare, so I would think it is standard by now.
Is it possible to block or allow SSH connections to a server on Cloudflare?
You could look into Cloudflare for Teams which can be used to enforce authentication based on your configured policies before allowing the connection to your origin server. The policies can include country.
Teams can be used for web applications and also for other TCP-based applications such as SSH.
Here is a tutorial explaining the approach.
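
A sketch of such a policy, as an added example that is not part of the original answer: the JSON body of a Cloudflare Access policy built from the API's `email_domain` and `geo` rule types. The domain `example.com`, the country code `US` and the policy name are constructed placeholder values.

```json
{
  "name": "SSH: example.com users from one country (constructed example)",
  "decision": "allow",
  "include": [
    { "email_domain": { "domain": "example.com" } }
  ],
  "require": [
    { "geo": { "country_code": "US" } }
  ]
}
```

Access ORs the rules under `include` and ANDs the rules under `require`, so the country rule belongs under `require`: placed under `include`, it would match every user connecting from that country regardless of identity.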