Score:0

How do I set up Fail2Ban on an Amazon Lightsail Debian instance, when it has its own firewall?


This is a very basic question, but all the answers I can find either relate to WordPress installs or Bitnami installs. I have a plain Debian instance running Nginx.

I would like to set up Fail2Ban. The problem is that Lightsail seems to have its own firewall, configurable via the console. It isn't clear to me how Fail2Ban would work with such a firewall, and I don't want to potentially screw up my install by installing ufw or iptables on top of the already running Lightsail firewall.

How would one handle this situation?

Score:3

Think of the Lightsail firewall as your static firewall, and iptables as your dynamic, reactive firewall.

Firewall rules such as permanently blocking ports or blocking IP ranges of countries should go under the Lightsail firewall, while blocking that one IP that is brute forcing SSH credentials would be the job of Fail2Ban/ufw/iptables.

Having two layers of firewalls should have no adverse effect on your install. In fact, this configuration allows for the best possible performance since your OS doesn't need to utilize system resources to process packets which have already been blocked by the Lightsail firewall.

Makes a lot of sense. But can you say a little more about what you mean by "if properly configured"?
slightly_toasted
@ShankarG In retrospect I could have left those three words out. No configuration is going to "break" your OS, but you will save some CPU cycles by delegating most of the firewalling to the Lightsail firewall.
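
An added example, not part of the answer above or of Fail2Ban's shipped configuration: a minimal `jail.local` for the setup in the question (plain Debian, Nginx, SSH), with the Lightsail firewall as the static layer and Fail2Ban as the reactive one. It assumes ports 22, 80 and 443 are the ones opened in the Lightsail console and that the `iptables` command is present on the instance; the ignore address and the thresholds are illustrative.

```ini
# /etc/fail2ban/jail.local  (added example; values are assumptions)
#
# Static layer:  Lightsail console firewall, admits only the ports opened
#                there (assumed: 22, 80, 443). Fail2Ban never touches it.
# Dynamic layer: Fail2Ban inside the instance, adding and removing per-IP
#                iptables rules in its own chains.

[DEFAULT]
# Never ban yourself: loopback plus your own admin address.
# 203.0.113.10 is a documentation placeholder; replace it with your address.
ignoreip  = 127.0.0.1/8 ::1 203.0.113.10
# Ban for one hour after 5 failures within 10 minutes (times in seconds).
bantime   = 3600
findtime  = 600
maxretry  = 5
# Bans are host-level iptables rules covering the ports of each jail.
banaction = iptables-multiport

[sshd]
# Brute-force attempts against SSH credentials.
enabled = true
port    = ssh
# If the instance logs SSH only to the journal (no /var/log/auth.log),
# uncomment the next line so the jail reads from journald instead.
# backend = systemd

[nginx-http-auth]
# Repeated failed HTTP basic-auth attempts seen in the Nginx error log.
enabled = true
port    = http,https
```

After restarting the service, `fail2ban-client status sshd` lists the currently banned addresses. Bans only cover traffic the Lightsail firewall has already let through, so a port closed in the console never reaches these jails.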