By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Using Fail2Ban with Greengrass Secure Tunnel Component

0

We would like to secure our edge devices with Fail2Ban, https://github.com/fail2ban/fail2ban, without blocking the AWS Greengrass V2 Component for Secure Tunnel. Is there any guidance as to how to configure our fail2ban to not block the secure tunnel ?

Topics
Internet of Things (IoT)Developer ToolsAWS Well-Architected Framework
Tags
AWS IoT CoreDeveloper ToolsSecurity
Language
English
scriobhneoir
asked 6 months ago183 views
1 Answer
0
Accepted Answer

I am not aware of such guidance, and didn't find any in a quick search - which might be an indication that it doesn't exist. Generally speaking, Secure tunneling uses a client/device-initiated tunneling, which means that you don't need any inbound ports open as long as established connections are allowed. See also here for more details. That being said, fail2ban should not block those as long as it's only applied on inbound connections. Also, if you don't require any inbound connections, I would recommend to not open any inbound port, but only allow the outbound plus established / related connections.

profile pictureAWS
Michael
answered 5 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content