This is a very basic question, but all the answers I can find either relate to WordPress installs or Bitnami installs. I have a plain Debian instance running Nginx.

I would like to set up Fail2Ban. The problem is that Lightsail seems to have its own firewall, configurable via the console. It isn't clear to me how Fail2Ban would work with such a firewall, and I don't want to potentially screw up my install by installing ufw or iptables on top of the already running Lightsail firewall.

How would one handle this situation?

ShankarG

1 Answer

Think of the Lightsail firewall as your static firewall, and iptables as your dynamic, reactive firewall.

Firewall rules such as permanently blocking ports or blocking IP ranges of countries should go under the Lightsail firewall, while blocking that one IP that is brute-forcing SSH credentials would be the job of Fail2Ban/ufw/iptables.

Having two layers of firewalls should have no adverse effect on your install. In fact, this configuration allows for the best possible performance since your OS doesn't need to utilize system resources to process packets which have already been blocked by the Lightsail firewall.

slightly_toasted
  • Makes a lot of sense. But can you say a little more about what you mean by "if properly configured"? – ShankarG Aug 05 '21 at 16:45
  • @ShankarG In retrospect I could have left those three words out. No configuration is going to "break" your OS, but you will save some CPU cycles by delegating most of the firewalling to the Lightsail firewall. – slightly_toasted Aug 05 '21 at 17:24
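
The split described in the answer, as an added example that is not part of the original answer: a `jail.local` for a Debian instance running Nginx, where Fail2Ban handles the reactive bans and the Lightsail console firewall keeps the static port rules. The timing values, the `203.0.113.10` admin address and the choice of `iptables-multiport` (which needs the `iptables` package installed) are assumptions to adjust.

```ini
# /etc/fail2ban/jail.local  (constructed example; all values are illustrative)
# Dynamic layer only: which ports are reachable at all stays in the
# Lightsail console firewall. Fail2Ban only sees traffic that the
# Lightsail firewall has already let through to the instance.

[DEFAULT]
# Never ban loopback or your own admin address.
# 203.0.113.10 is a documentation placeholder, replace it with yours.
ignoreip = 127.0.0.1/8 ::1 203.0.113.10
# Ban for one hour after 5 failures within 10 minutes.
bantime  = 1h
findtime = 10m
maxretry = 5
# Insert bans into the instance's own netfilter rules.
# Assumption: the iptables package is installed on the instance.
banaction = iptables-multiport

[sshd]
# The brute-force case from the answer: repeated failed SSH logins.
enabled = true
port    = ssh
# Assumption: sshd logs to the systemd journal rather than /var/log/auth.log.
backend = systemd

[nginx-http-auth]
# Repeated HTTP basic-auth failures recorded in the Nginx error log.
enabled = true
port    = http,https
logpath = %(nginx_error_log)s

[nginx-botsearch]
# Clients probing for scripts and paths that do not exist on the site.
enabled = true
port    = http,https
logpath = %(nginx_error_log)s
```

Running `fail2ban-client -t` checks the configuration before a restart, and `fail2ban-client status sshd` lists the addresses currently banned by that jail.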