This is a very basic question, but all the answers I can find either relate to WordPress installs or Bitnami installs. I have a plain Debian instance running Nginx.
I would like to set up Fail2Ban. The problem is that Lightsail seems to have its own firewall, configurable via the console. It isn't clear to me how Fail2Ban would work with such a firewall, and I don't want to potentially screw up my install by installing ufw
or iptables
on top of the already running Lightsail firewall.
How would one handle this situation?
Think of the Lightsail firewall as your static firewall, and iptables as your dynamic, reactive firewall.
Firewall rules such as permanently blocking ports or blocking IP ranges of countries should go under the Lightsail firewall. While blocking that one IP that is brute forcing SSH credentials would be the job of Fail2Ban/ufw/iptables.
Having two layers of firewalls should have no adverse effect on your install. In fact, this configuration allows for the best possible performance since your OS doesn't need to utilize system resources to process packets which have already been blocked by the Lightsail firewall.