使用AWS re:Post即您表示您同意 AWS re:Post 使用条款

Using Fail2Ban with Greengrass Secure Tunnel Component

0

We would like to secure our edge devices with Fail2Ban, https://github.com/fail2ban/fail2ban, without blocking the AWS Greengrass V2 Component for Secure Tunnel. Is there any guidance as to how to configure our fail2ban to not block the secure tunnel ?

1 回答
1
已接受的回答

I am not aware of such guidance, and didn't find any in a quick search - which might be an indication that it doesn't exist. Generally speaking, Secure tunneling uses a client/device-initiated tunneling, which means that you don't need any inbound ports open as long as established connections are allowed. See also here for more details. That being said, fail2ban should not block those as long as it's only applied on inbound connections. Also, if you don't require any inbound connections, I would recommend to not open any inbound port, but only allow the outbound plus established / related connections.

profile pictureAWS
已回答 1 年前
profile picture
专家
已审核 6 个月前

您未登录。 登录 发布回答。

一个好的回答可以清楚地解答问题和提供建设性反馈,并能促进提问者的职业发展。

回答问题的准则