UFW and Fail2ban

Posted on 2021-01-16

They say the internet can be a bad place, and you should do certain things to try to keep yourself safe.

There are plenty of short guides on how to implement UFW and Fail2ban. Like this one.

This is as much a reminder to self of the steps to do next time.

UFW

Uncomplicated Firewall.

Install ufw and allow ssh, http, and https.

sudo apt install ufw
sudo ufw allow ssh
sudo ufw allow http
sudo ufw allow https

Check everything looks ok

sudo ufw show added

and then enable

sudo ufw enable

I don’t use any mail, or any other services so that’s all for now.
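
The "check everything looks ok" step above can be scripted, since enabling ufw over a remote session without an ssh rule cuts that session off. This is an added example, not part of the original post; the function name and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-enable check for the three rules this post adds.
# Prints the services with no matching rule (empty output = all present).
# $1 is the text printed by `sudo ufw show added`.
ufw_missing_rules() {
    rules=$1
    missing=""
    for want in ssh:22 http:80 https:443; do
        name=${want%%:*}
        port=${want##*:}
        # Accept the service name or its port, with or without /tcp.
        # `limit` counts too: it is an allow rule with rate limiting.
        pattern="^ufw (allow|limit) (${name}|${port}(/tcp)?)\$"
        if ! printf '%s\n' "$rules" | grep -Eq "$pattern"; then
            missing="${missing}${missing:+ }${name}"
        fi
    done
    printf '%s' "$missing"
}

# Constructed sample output: https was forgotten, ssh is rate-limited.
SAMPLE="Added user rules (see 'ufw status' for running firewall):
ufw limit 22/tcp
ufw allow 80/tcp"

missing=$(ufw_missing_rules "$SAMPLE")
if [ -n "$missing" ]; then
    echo "not enabling, missing rules for: $missing"
else
    echo "all rules present, safe to run: sudo ufw enable"
fi

# On a real host: ufw_missing_rules "$(sudo ufw show added)"
```

The patterns are anchored, so a rule for port 2222 or a deny rule on port 22 does not count as an ssh allow rule.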

Fail2ban

Install

sudo apt install fail2ban

This automatically enables the fail2ban service.

Copy the template configs

sudo cp /etc/fail2ban/fail2ban.{conf,local}
sudo cp /etc/fail2ban/jail.{conf,local}

and edit at leisure.

Restart the service

sudo systemctl restart fail2ban

Bonus: Certification

The good people of EFF provide the Let’s Encrypt service.

It has almost trivial installation instructions using certbot. This handles (if you ask for it) updating the nginx config to automatically redirect to https. There’s really no more to add here.