Debian Security Hardening

Harden your Debian server with essential security configurations including firewall, SSH hardening, and intrusion detection.

March 11, 2026

Hardening Debian 12 (Bookworm) with iptables and Fail2Ban

Secure your Debian 12 (Bookworm) server by implementing iptables and Fail2Ban. This guide covers essential security measures to protect your VPS.

Why Security Matters

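Internet-facing Debian servers are prime targets for brute-force attacks and unauthorized access. Combining iptables for network filtering with Fail2Ban for intrusion prevention gives two layers of defense: iptables limits which ports are reachable, and Fail2Ban bans addresses that repeatedly fail to authenticate.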

Step 1: Install iptables and Fail2Ban

sudo apt update
sudo apt install iptables iptables-persistent fail2ban -y

Step 2: Configure Firewall Rules

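Set up basic firewall rules. iptables evaluates a chain from top to bottom, so the ACCEPT rules must be appended before the final DROP; keep the order shown, especially when working over SSH. These commands cover IPv4 only; IPv6 traffic is filtered separately with ip6tables.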

# Allow loopback
sudo iptables -A INPUT -i lo -j ACCEPT

# Allow established connections
sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# Allow SSH, HTTP, HTTPS
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT

# Drop all other incoming traffic
sudo iptables -A INPUT -j DROP

# Save rules
sudo netfilter-persistent save

Step 3: Enable iptables and Fail2Ban

sudo systemctl enable fail2ban
sudo systemctl start fail2ban
sudo systemctl enable netfilter-persistent

Step 4: Verify Configuration

sudo iptables -L -n -v
sudo fail2ban-client status
sudo fail2ban-client status sshd
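
To check the Step 2 result mechanically rather than by reading the listing, the following added example (not part of the original guide) audits `iptables -S INPUT` output: loopback and established-connection accepts present, only the expected ports open, and an unconditional DROP that no ACCEPT rule follows. The function names, the ALLOWED_PORTS variable and the sample ruleset are assumptions constructed for this example.

```shell
# Added example: audit `iptables -S INPUT` output against the Step 2 policy.
# ALLOWED_PORTS and both function names are assumptions of this example.
ALLOWED_PORTS="${ALLOWED_PORTS:-22 80 443}"

audit_input_chain() {   # reads rules on stdin, prints findings, returns 0 if clean
    awk -v allowed="$ALLOWED_PORTS" '
    BEGIN { bad = 0; n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 != "-A" || $2 != "INPUT" { next }
    {
        target = port = iface = ""; est_match = 0
        for (i = 3; i < NF; i++) {
            if ($i == "-j") target = $(i + 1)
            if ($i == "-i") iface = $(i + 1)
            if ($i == "--dport" || $i == "--dports") port = $(i + 1)
            if ($i == "--ctstate" && $(i + 1) ~ /ESTABLISHED/) est_match = 1
        }
        if (target == "DROP" && NF == 4) { dropped = 1; next }  # unconditional drop
        if (target != "ACCEPT") next      # jumps to other chains are not judged here
        if (dropped) { print "FAIL unreachable after DROP: " $0; bad = 1; next }
        if (iface == "lo") { lo = 1; next }
        if (est_match) { est = 1; next }
        if (port == "") { print "FAIL accept without a port match: " $0; bad = 1; next }
        m = split(port, p, ",")
        for (j = 1; j <= m; j++)
            if (!(p[j] in ok)) { print "FAIL unexpected open port " p[j]; bad = 1 }
    }
    END {
        if (!lo)  { print "FAIL no loopback accept rule"; bad = 1 }
        if (!est) { print "FAIL no ESTABLISHED,RELATED accept rule"; bad = 1 }
        if (!dropped && policy != "DROP") { print "FAIL no default deny"; bad = 1 }
        exit bad
    }'
}

sample_rules() {        # constructed sample: what Step 2 yields in `iptables -S INPUT`
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -j DROP
EOF
}

sample_rules | audit_input_chain && echo "OK: matches the Step 2 policy"
```

On a live server, pipe the real rules in with `sudo iptables -S INPUT | audit_input_chain`. Rules that jump to other chains, such as ones Fail2Ban may insert, are skipped rather than judged.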

Additional Security Tips

  • Configure Fail2Ban's /etc/fail2ban/jail.local to customize ban times (bantime) and max retries (maxretry) for SSH
  • Use iptables-persistent to ensure firewall rules survive reboots
  • Enable automatic security updates with the unattended-upgrades package

Conclusion

Your Debian server is now protected with iptables and Fail2Ban. Regular security audits are recommended.
