How do I set up Fail2Ban on an Amazon Lightsail Debian instance, when it has its own firewall?

amazon-web-services debian firewall fail2ban amazon-lightsail

Think of the Lightsail firewall as your static firewall, and iptables as your dynamic, reactive firewall.

Firewall rules such as permanently blocking ports or blocking IP ranges of countries should go under the Lightsail firewall. While blocking that one IP that is brute forcing SSH credentials would be the job of Fail2Ban/ufw/iptables.

Having two layers of firewalls should have no adverse effect on your install. In fact, this configuration allows for the best possible performance since your OS doesn't need to utilize system resources to process packets which have already been blocked by the Lightsail firewall.

Related

Why does this routing setup not working
How to copy the target file vs the symlink
looping Get-ReceiveConnector to grab multiple receive connectors
Reconfigure HP Smart Array RAID 50 with larger drives
No Ping/Telnet connection between VM
Email rejected as Spam by Gmail [duplicate]
How to fix from the server side: ERROR: The certificate of ‘www.example.org’ is not trusted
How to install CentOs 5.8 on 3TB disk with RAID 1 on Hetzner EX 4S (10 TB) server?
wildcard dns redirect to root as well
Limit on number of raid arrays in a HP P420i
Kill child process when the parent exits
Identical mysql processes