Question

Disabling UFW in favour of DO Cloud Firewall ?

What are the pros and cons of using the Digital Ocean cloud firewall over something like UFW ? Should both be used at the same time or will that be redundant ?


Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

UFW is a host-based tool, while DO’s Cloud Firewall is a network-based one… Using DO’s tool will not only provide reusability of rules (deploy inbound / outbound rules to many droplets - or even tags - at once) but also processes them before even getting to the droplet. Don’t get me wrong, UFW is an amazing, full-feature and extremely efficient tool, however when it comes to deploying shared common rules to lots of servers, it’s a bit time-consuming and repetitive task.

IMHO using them both at the same time would be redundant (assuming you have same rules on both firewalls). I would just go with the Cloud Firewall… Hope I could help!!!

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

If I use DO cloud firewall, does that also mean I can stop using fail2ban?

I guess you’d still need UFW/IPTables if you want to use fail2ban.