
Manual Configuring of Fail2ban


#1

Hey

So I had issues with fail2ban on my setup (Multitenancy DNS), so I uninstalled and reinstalled the service.

When I enable the service ‘ufw enable’ my sites won’t be reachable, but when it’s disabled “ufw disable” the sites become reachable.

I will appreciate any guide or tips on setting up fail2ban properly for my production setup.


#2

You can adjust the UFW tables - log in as root or a sudo-enabled user, and then run commands like this… you will have to adjust the ports to match your system…

#optionally...
sudo ufw --force reset #IF you want to clear what's in there already
#
sudo ufw allow proto tcp to 0.0.0.0/0 port 8000
sudo ufw allow to 0.0.0.0/0 port 53
sudo ufw enable
sudo ufw reload

Ports that you will probably need to open… 8000(production) or 8080(dev). I don’t think the ports for 11000 etc need to be allowed, since they are local, but you might need to.
To check which ports are in use, you can run

netstat -tnlp | grep -i listen


#3

Thank you for your prompt response

I tried the above and it still didn’t work. Below is my screenshot from when I checked the ports running.


#4

Hey
I am still having issues with this, please is there anybody who can help?


#5

In the screenshot, there are 3 nginx ports that would need to be opened
8000, 8001, 8002
I don’t think you need to open ports for 11000,11001,11002 or 12000,12001,12002 or 13000,13001,13002, but you could try that and see if it works. Similarly for 9000,9001,9002
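
Added example (not part of any post in this thread): a way to decide from `netstat -tnlp` output which listeners need a ufw rule, based on whether the socket is bound to a loopback address. The function names and the sample output are constructed for illustration, and the rules use the `ufw allow <port>/tcp` form rather than the longer form from post #2.

```shell
#!/bin/sh
# Added example: decide which listeners need a ufw rule from `netstat -tnlp`.
# A socket bound to 127.0.0.1 or ::1 is reachable only from the host itself,
# so only listeners on other addresses get an "allow" line.

# Hypothetical helper: reads netstat output on stdin, prints ufw commands.
ufw_rules_from_netstat() {
    awk '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)        # text after the last colon
            host = $4; sub(/:[0-9]+$/, "", host)   # text before the last colon
            if (host ~ /^127\./ || host == "::1") next   # loopback only
            if (!(port in seen)) { seen[port] = 1; print port }
        }
    ' | sort -n | while read -r port; do
        echo "sudo ufw allow ${port}/tcp"
    done
}

# Constructed sample output (not the poster's screenshot).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address    Foreign Address  State   PID/Program name
tcp        0      0 0.0.0.0:22       0.0.0.0:*        LISTEN  801/sshd
tcp        0      0 0.0.0.0:8000     0.0.0.0:*        LISTEN  1502/nginx: master
tcp        0      0 0.0.0.0:8001     0.0.0.0:*        LISTEN  1502/nginx: master
tcp        0      0 0.0.0.0:8002     0.0.0.0:*        LISTEN  1502/nginx: master
tcp        0      0 127.0.0.1:11000  0.0.0.0:*        LISTEN  1320/redis-server 1
tcp        0      0 127.0.0.1:13000  0.0.0.0:*        LISTEN  1322/redis-server 1
tcp6       0      0 :::22            :::*             LISTEN  801/sshd
EOF
}

# Print the rules for review; nothing is applied to the firewall here.
# On a live host: sudo netstat -tnlp | ufw_rules_from_netstat
sample_netstat | ufw_rules_from_netstat
```

Port 22 shows up in the output because sshd listens on all interfaces; that rule needs to be in place before `sudo ufw enable` on a remote host, or the SSH session used to manage the server will be cut off.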


#6

@trentmu thanks for the tips…this sorted me out


#7

Glad to hear it!