What firewall products open source or commercial can be deployed on digitalocean?

What firewall products open source or commercial can be deployed on digitalocean? I have the need to have a firewall/Nextgen firewall as part of my application stack and need to know if I can do this on digitalocean.


Have a look at, an open source cloud managed layer 7 firewall which provides complete visibility over internet use on a per user, device and application basis through subscription services, all the firewall and filtering goodness is free for anyone to use. If you’re keen to have a look the install instructions are here happily runs in a VM.

I’m looking for a firewall tool that has IPS and Virus/Malware scanning ability. Essentially this will be the internet edge appliance that will scan the inbound and outbound traffic for my application stack. This is needed so that I can secure my environment.


Hey, ryanpq, MOD of October 10, 2016, we deserve a better answer by now. It’s 2018 and Digital Ocean should be helping secure the cloud by sharing solid tools they recommend to the public. It’s hard to maintain such a standing on what to use, but we don’t do things because they are easy.

Any news on when you will allow a firewall appliance to be installed from iso or from a small group of options pfsense/opnsense/sophos?

The world of IDS/IPS software is fairly complicated and, in order to get real benefit from any of them (not just feeling good about having some software installed), you often need a high level of knowledge of the domain and time to configure, watch, maintain, and customize your IDS software.

That said, some of the best IDS/IPS software out there is Bro and Snort. Bro is better but requires more expertise. Snort is simpler and more popular. With most IDSes, you can configure them as IPSes in response to events.

Dialing things back to much simpler and a much better starting point if you don’t have any firewall yet, services like HeatShield will help you configure a network firewall without needing to do anything from the command line. If you prefer the command line, each Linux distribution has different iptables frontends that their users prefer (for example, ufw on Ubuntu).

The right choice (and combination of choices) depends a lot on how much time and expertise you have.

You receive full root access for each droplet you create on DigitalOcean and can install just about any software firewall that supports Linux or FreeBSD operating systems. The default firewall on most modern Linux distributions is iptables and this guide can help with the basics. If you’re using Ubuntu or Debian as your operating system the ufw front-end makes managing iptables much easier.

Further protection can be added to iptables by running an instance of fail2ban. This tool helps prevent attackers from gaining access through brute force attacks on your server by automatically adding firewall rules based on criteria (for example, blocking someone for 30 minutes after 5 failed login attempts).