I just went through the process of setting up fail2ban for when I plan on opening up my pi to the outside world in the future. It took a bit of trial and error. I currently just have fail2ban set up, but I was wondering if anyone could tell me what is the benefit of using ufw in addition with fail2ban?
From what I understand, ufw acts as a firewall, blocking attempted logins from IPs. However, isn't this what fail2ban does as well? Or is it more like ufw blocks connection of any sort from an IP, while fail2ban simply blocks password login attempts? Thank you for any help.
-
go-fireworks-
- Posts: 3
- Joined: Mon Dec 16, 2019 4:00 am
Re: Benefit of using ufw with fail2ban
A firewall blocks socket connects so you can for example use UFW to block all IP addresses in China from connecting to your SSH port at all.
Or you could choose to block everyone except a few select nets where you know you would need to be.
As you said fail2ban will only add IP-adresses to a block list after they have connected and failed to log in one or more times.
If there was a serious flaw in SSH that would let hackers bypass login completely, fail2ban would not protect you but UFW could.
Or you could choose to block everyone except a few select nets where you know you would need to be.
As you said fail2ban will only add IP-adresses to a block list after they have connected and failed to log in one or more times.
If there was a serious flaw in SSH that would let hackers bypass login completely, fail2ban would not protect you but UFW could.
-
DougieLawson
- Posts: 39301
- Joined: Sun Jun 16, 2013 11:19 pm
- Location: A small cave in deepest darkest Basingstoke, UK
- Contact: Website Twitter
Re: Benefit of using ufw with fail2ban
Two different things.
ufw blocks all except your permitted ports from external connections (or in some cases prevents outbound connections).
fail2ban is doing intrusion detection (albeit in a slightly crude way) which is blocking external connections when they trip your filters.
ufw blocks all except your permitted ports from external connections (or in some cases prevents outbound connections).
fail2ban is doing intrusion detection (albeit in a slightly crude way) which is blocking external connections when they trip your filters.
Note: Any requirement to use a crystal ball or mind reading will result in me ignoring your question.
Criticising any questions is banned on this forum.
Any DMs sent on Twitter will be answered next month.
All non-medical doctors are on my foes list.
Criticising any questions is banned on this forum.
Any DMs sent on Twitter will be answered next month.
All non-medical doctors are on my foes list.
-
go-fireworks-
- Posts: 3
- Joined: Mon Dec 16, 2019 4:00 am
Re: Benefit of using ufw with fail2ban
Okay, that makes sense. So I could block all ports except my ssh port with ufw, then ban an external connection with fail2ban if the attempt more than X number of logins?DougieLawson wrote: ↑Mon Dec 16, 2019 1:20 pmTwo different things.
ufw blocks all except your permitted ports from external connections (or in some cases prevents outbound connections).
fail2ban is doing intrusion detection (albeit in a slightly crude way) which is blocking external connections when they trip your filters.
-
DougieLawson
- Posts: 39301
- Joined: Sun Jun 16, 2013 11:19 pm
- Location: A small cave in deepest darkest Basingstoke, UK
- Contact: Website Twitter
Re: Benefit of using ufw with fail2ban
That's how it works. In my case X == 1 and my ban time is -1 (never unban until I delete/recreate the fail2ban database).go-fireworks- wrote: ↑Mon Dec 16, 2019 10:46 pm
Okay, that makes sense. So I could block all ports except my ssh port with ufw, then ban an external connection with fail2ban if the attempt more than X number of logins?
Note: Any requirement to use a crystal ball or mind reading will result in me ignoring your question.
Criticising any questions is banned on this forum.
Any DMs sent on Twitter will be answered next month.
All non-medical doctors are on my foes list.
Criticising any questions is banned on this forum.
Any DMs sent on Twitter will be answered next month.
All non-medical doctors are on my foes list.