Allow Connections to VNC Server Only From Specific IP Addresses

You could use ufw - the "uncomplicated firewall" that comes with a standard Ubuntu install.

sudo ufw allow 22/tcp
sudo ufw allow from 12.34.56.78 to any port 5901 proto tcp
sudo ufw default reject incoming
sudo ufw enable

Which is:

  • allow ssh connections (otherwise you will lock yourself out)
  • allow VNC connections from one IP address (edit the port if you don't use 5901)
  • reject all other incoming connections
  • enable the firewall

Make sure you allow ssh before enabling the firewall, otherwise you'll be locked out.
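As an added example (not code from the original answer), the POSIX shell script below turns a list of client addresses into the ufw rule set described above: it validates each address first, keeps SSH open, restricts the VNC port to TCP, and only prints the commands unless APPLY=1 is set. An iptables variant is included for the approach mentioned in the comments. The sample addresses, the APPLY switch and the function names are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not code from the original answer. Builds a ufw allowlist for
# a VNC port from a list of client addresses, keeping SSH open so the firewall
# can be enabled without locking the administrator out. The addresses below are
# constructed placeholders; by default the commands are only printed (dry run),
# set APPLY=1 to execute them with sudo.

VNC_PORT="${VNC_PORT:-5901}"
SSH_PORT="${SSH_PORT:-22}"
# Constructed sample allowlist: two single hosts and one /24 range (assumed values).
ALLOWED_CLIENTS="${ALLOWED_CLIENTS:-12.34.56.78 203.0.113.10 198.51.100.0/24}"

# Return 0 if $1 is a dotted-quad IPv4 address with an optional /prefix,
# otherwise 1. Anything else must not be pasted into a firewall rule.
is_ipv4_cidr() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$' || return 1
    case $1 in
        */*) [ "${1#*/}" -le 32 ] || return 1 ;;
    esac
    for octet in $(echo "${1%%/*}" | tr '.' ' '); do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the ufw commands in the order they must run: SSH first, then one VNC
# rule per client (TCP only), then the default policy, then enable.
ufw_vnc_allowlist() {
    echo "ufw allow ${SSH_PORT}/tcp"
    for client in $ALLOWED_CLIENTS; do
        is_ipv4_cidr "$client" || { echo "invalid address: $client" >&2; return 1; }
        echo "ufw allow from $client to any port $VNC_PORT proto tcp"
    done
    echo "ufw default reject incoming"
    echo "ufw --force enable"   # --force skips the interactive confirmation
}

# Equivalent raw iptables rules (the approach mentioned in the comments): accept
# the VNC port from each client, then reject it for everyone else. Only the VNC
# port is touched, so other services are unaffected.
iptables_vnc_allowlist() {
    for client in $ALLOWED_CLIENTS; do
        is_ipv4_cidr "$client" || { echo "invalid address: $client" >&2; return 1; }
        echo "iptables -A INPUT -p tcp -s $client --dport $VNC_PORT -j ACCEPT"
    done
    echo "iptables -A INPUT -p tcp --dport $VNC_PORT -j REJECT --reject-with tcp-reset"
}

# Stand-alone use: print the ufw plan, or apply it when APPLY=1.
if [ "${APPLY:-0}" = "1" ]; then
    ufw_vnc_allowlist | while read -r cmd; do sudo $cmd; done
else
    ufw_vnc_allowlist
fi
```

Run it once without APPLY to review the plan, then with APPLY=1 and your own ALLOWED_CLIENTS from an SSH session; afterwards `sudo ufw status numbered` shows the resulting rules, and the SSH rule must be listed before you disconnect.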

Author: Brandon

Updated on September 18, 2022

Comments

  • Brandon almost 2 years

    I administrate an Ubuntu 11.10 Server. I've installed tightvncserver on it so I can have a desktop environment on the server.

    My issue now is that I'm running into issues with malicious people spamming the VNC server with authentication attempts. I've strengthened up the password, but it's still inconvenient as it restricts me from connecting as the person is using up all the authentication attempts.

    There are pretty much around 5 IP addresses that should be able to ATTEMPT to authenticate to the VNC server; this person is using proxies from Romania, China, Korea, etc.

    How can I accept authentication attempts to ONLY the IP addresses I specify?

    Essentially, I want to do the opposite of this: How to deny VNC access to a particular IP?

    And this with VNC instead: How can I allow SSH password authentication from only certain IP addresses?

    Any ideas?

    Thanks, Brandon

    • jippie about 12 years
      Configuring iptables is an option, but so might configuring the VNC server be. Does tight allow configuring a client whitelist?
    • Brandon about 12 years
      As a temporary solution, I've just been manually blocking the proxies using iptables as there's only been a few so far. Considering the person is bothering to actually keep trying means they won't be going away easily.
  • Noah Buscher almost 10 years
    I found that line two of your solution didn't work, though sudo ufw allow from 12.34.56.78 to any port 5901 seemed to do the trick. This allows any protocols, though that can be changed for just TCP.