I use Uncomplicated Firewall (UFW). Its a friendly version of iptables for people with simple needs. Additional information here. I configure SSH to use keys only (no password authentication) however I also like to restrict by IP to reduce the load on fail2ban. With this in mind I needed to find away of whitelisting all IP’s used by my ISP.
In order to do this I use a handy tool from Hurricane Electric:
You can simply replace the AS number your ISP’s. You can find this out by doing a whois on the IP address. Although the description will change the AS number is always the same in my experience.
I simply copied the prefix column, pasted as plain text in excel and then used the following formula:
=CONCATENATE(“ufw allow from “,A1, “ to any port 22”)
Finally I inserted into a bash script and ran it.