Is there a way to allow for a range of addresses in, say, from 192.168.0.1 to 192.168.0.100?
The code in my previous example should allow that. The term 192.168.0.0/24 is the same as setting your subnet mask to 255.255.255.0. This basically means that your network will be operating on a single subnet and can have up to 256 hosts. Another way of looking at this would be: 192.168.0.[1-254].
If you want to only allow or deny specific addresses access to SSH then create each one as a separate rule. Creating them as separate rules gives you the advantage of easy maintenance as you want to allow or deny more hosts access to SSH. If you're using UFW then you are already losing your ability to truly optimize for performance in a high traffic environment anyway.
Here is an example of allowing a specific host access:
sudo ufw allow from 192.168.0.22 to any port 22 proto tcp
Here is an example of denying a specific host access:
sudo ufw deny from 192.168.0.22 to any port 22
If this machine is routing traffic across the network then the rules will change slightly. Pretend that 192.168.0.12 is a development server and 192.168.0.22 needs SSH access to the server for his/her job. However, I don't want him/her to have access to the other production servers.
sudo ufw allow from 192.168.0.22 to 192.168.0.12 port 22 proto tcp
Since your firewall should be using a default deny policy for incoming traffic, you don't need to create deny rules for the other production servers.
Let me know if you need any more help.
Edited by Kaosu, 02 July 2014 - 07:34 PM.
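Added example, not part of the original post: ufw's "from" clause takes a single address or a CIDR block, so an exact range such as 192.168.0.1 to 192.168.0.100 has to be written as several rules. This Python sketch (the function names are hypothetical) splits a range into the fewest CIDR blocks, prints one allow rule per block in the same syntax as the commands above, and counts how many addresses a wider block such as 192.168.0.0/24 admits beyond the intended range.

```python
import ipaddress


def range_to_cidrs(first, last):
    """Return the fewest CIDR blocks that cover exactly first..last (inclusive)."""
    lo = ipaddress.IPv4Address(first)
    hi = ipaddress.IPv4Address(last)
    if lo > hi:
        raise ValueError(f"range start {lo} is after range end {hi}")
    return list(ipaddress.summarize_address_range(lo, hi))


def ufw_allow_rules(first, last, port=22, proto="tcp"):
    """Build one 'ufw allow' command per CIDR block in the range."""
    rules = []
    for net in range_to_cidrs(first, last):
        # Write single hosts as a bare address, as in the post's examples.
        src = str(net.network_address) if net.prefixlen == 32 else str(net)
        rules.append(f"sudo ufw allow from {src} to any port {port} proto {proto}")
    return rules


def addresses_outside_range(cidr, first, last):
    """Count addresses in cidr that fall outside first..last."""
    net = ipaddress.IPv4Network(cidr)
    lo = max(int(ipaddress.IPv4Address(first)), int(net.network_address))
    hi = min(int(ipaddress.IPv4Address(last)), int(net.broadcast_address))
    overlap = max(0, hi - lo + 1)
    return net.num_addresses - overlap


if __name__ == "__main__":
    # Range taken from the question in this thread.
    for rule in ufw_allow_rules("192.168.0.1", "192.168.0.100"):
        print(rule)
    extra = addresses_outside_range("192.168.0.0/24", "192.168.0.1", "192.168.0.100")
    print(f"192.168.0.0/24 also admits {extra} addresses outside the range")
```

Review the printed commands before running them; with a default deny policy for incoming traffic, only the listed blocks reach port 22.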