DO Network Firewall vs UFW

November 30, 2018 732 views
Ubuntu 18.04 DigitalOcean Cloud Firewalls

I have two droplets, one a DB server and one an application server. The DB server has a host-based UFW ruleset allowing access only to from a certain IP, specifically so that only the application server can communicate with it.

My question is, in a scenario like this, is DO’s Cloud Firewall preferable? My understanding is that this firewall is network-based, and would filter the traffic before it touches the host, potentially saving the host some resources.

Is this a correct assumption? And if so, would configuring the cloud firewall in this way eliminate the need for the UFW configuration?

1 Answer


Indeed you are correct, having a Cloud Firewall would essentially mean that the traffic would be filtered before it even reaches your server. This could be very beneficial in case of a big DDoS attack, that way the malicious traffic would not even reach your droplet.

I would strongly recommend always having a software firewall like UFW enabled even if you have a separate Cloud Firewall.

Hope that this helps!

Have another answer? Share your knowledge.