Question
Disabling UFW in favour of DO Cloud Firewall ?
- Posted on January 27, 2018
- FirewallSecurityUbuntu 16.04
Asked by ramitmittalk
What are the pros and cons of using the Digital Ocean cloud firewall over something like UFW ? Should both be used at the same time or will that be redundant ?
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Hollie's Hub for Good
Working on improving health and education, reducing inequality, and spurring economic growth? We’d like to help.
Get started for free
Enter your email to get $200 in credit for your first 60 days with DigitalOcean.
New accounts only. By submitting your email you agree to our Privacy Policy.
UFW is a host-based tool, while DO’s Cloud Firewall is a network-based one… Using DO’s tool will not only provide reusability of rules (deploy inbound / outbound rules to many droplets - or even tags - at once) but also processes them before even getting to the droplet. Don’t get me wrong, UFW is an amazing, full-feature and extremely efficient tool, however when it comes to deploying shared common rules to lots of servers, it’s a bit time-consuming and repetitive task.
IMHO using them both at the same time would be redundant (assuming you have same rules on both firewalls). I would just go with the Cloud Firewall… Hope I could help!!!
If I use DO cloud firewall, does that also mean I can stop using fail2ban?
I guess you’d still need UFW/IPTables if you want to use fail2ban.