Firewall Configuration — UFW, iptables, nftables, fail2ban

Defence-in-Depth Model

A production server should have at least two layers:

1. Cloud security group — controls traffic at the hypervisor/VPC level; blocks traffic before it reaches the host NIC. Cheapest filter; stateful by default. Configure this first.
2. Host-based firewall (UFW / iptables / nftables) — applied by the kernel; catches port scans, rate-limits connections, and enforces policy if the security group is misconfigured.
3. fail2ban — bans IP addresses that show malicious behaviour patterns (too many auth failures, suspicious request patterns) by…