What are the pros and cons of using the Digital Ocean cloud firewall over something like UFW ? Should both be used at the same time or will that be redundant ?
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
UFW is a host-based tool, while DO’s Cloud Firewall is a network-based one… Using DO’s tool will not only provide reusability of rules (deploy inbound / outbound rules to many droplets - or even tags - at once) but also processes them before even getting to the droplet. Don’t get me wrong, UFW is an amazing, full-feature and extremely efficient tool, however when it comes to deploying shared common rules to lots of servers, it’s a bit time-consuming and repetitive task.
IMHO using them both at the same time would be redundant (assuming you have same rules on both firewalls). I would just go with the Cloud Firewall… Hope I could help!!!
If I use DO cloud firewall, does that also mean I can stop using fail2ban?
I guess you’d still need UFW/IPTables if you want to use fail2ban.