Question

Disabling UFW in favour of DO Cloud Firewall ?

Posted on January 27, 2018
Security Ubuntu 16.04 Firewall
Asked by ramitmittalk

What are the pros and cons of using the Digital Ocean cloud firewall over something like UFW ? Should both be used at the same time or will that be redundant ?

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Kaê Angeli Coutinho • March 19, 2018

Accepted Answer

UFW is a host-based tool, while DO’s Cloud Firewall is a network-based one… Using DO’s tool will not only provide reusability of rules (deploy inbound / outbound rules to many droplets - or even tags - at once) but also processes them before even getting to the droplet. Don’t get me wrong, UFW is an amazing, full-feature and extremely efficient tool, however when it comes to deploying shared common rules to lots of servers, it’s a bit time-consuming and repetitive task.

IMHO using them both at the same time would be redundant (assuming you have same rules on both firewalls). I would just go with the Cloud Firewall… Hope I could help!!!

jtlocsei • December 21, 2018

If I use DO cloud firewall, does that also mean I can stop using fail2ban?

Attoy • January 27, 2018

I guess you’d still need UFW/IPTables if you want to use fail2ban.