By: tamoanxx

What firewall products, open source or commercial, can be deployed on DigitalOcean?

October 10, 2016 737 views
Firewall

What firewall products, open source or commercial, can be deployed on DigitalOcean? I have the need to have a firewall/Nextgen firewall as part of my application stack and need to know if I can do this on DigitalOcean.

2 comments
  • I'm looking for a firewall tool that has IPS and Virus/Malware scanning ability. Essentially this will be the internet edge appliance that will scan the inbound and outbound traffic for my application stack. This is needed so that I can secure my environment.

  • Have a look at Linewize.com, an open source cloud managed layer 7 firewall which provides complete visibility over internet use on a per user, device and application basis through subscription services. All the firewall and filtering goodness is free for anyone to use. If you're keen to have a look, the install instructions are here: http://linewize.com/install. It happily runs in a VM.

2 Answers

You receive full root access for each droplet you create on DigitalOcean and can install just about any software firewall that supports Linux or FreeBSD operating systems. The default firewall on most modern Linux distributions is iptables and this guide can help with the basics. If you're using Ubuntu or Debian as your operating system the ufw front-end makes managing iptables much easier.

Further protection can be added to iptables by running an instance of fail2ban. This tool helps prevent attackers from gaining access through brute force attacks on your server by automatically adding firewall rules based on criteria (for example, blocking someone for 30 minutes after 5 failed login attempts).

by Shaun Lewis
Learn how to set up a firewall with UFW on an Ubuntu / Debian cloud server.
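The ban criteria mentioned in the answer above (a 30-minute block after 5 failed login attempts), sketched as an added example that is not part of the original answers and is not fail2ban's own code: it counts failed SSH logins per source address over constructed log lines. The 10-minute counting window, the simplified log format and all function names are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_RETRY = 5                      # failures before a ban (from the answer)
BAN_TIME = timedelta(minutes=30)   # ban length (from the answer)
FIND_TIME = timedelta(minutes=10)  # assumed counting window; the answer gives none

# Assumed, simplified syslog layout: ISO timestamp, host, sshd[pid], message.
FAILED = re.compile(
    r"^(\S+) \S+ sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port \d+"
)

def ban_intervals(lines):
    """Return {ip: [(ban_start, ban_end), ...]} for chronologically ordered lines."""
    recent = defaultdict(deque)    # ip -> failure timestamps inside the window
    bans = defaultdict(list)
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue               # accepted logins and unrelated lines are ignored
        ts, ip = datetime.fromisoformat(m.group(1)), m.group(2)
        if bans.get(ip) and ts < bans[ip][-1][1]:
            continue               # still banned: the firewall rule would drop this
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > FIND_TIME:
            window.popleft()       # forget failures older than the window
        if len(window) >= MAX_RETRY:
            bans[ip].append((ts, ts + BAN_TIME))
            window.clear()
    return dict(bans)

def sample_log():
    """Constructed sample lines using RFC 5737 documentation addresses."""
    fmt = "2016-10-10T12:{:02d}:00 web1 sshd[4242]: {} from {} port 50022 ssh2"
    # Fast guesser: six failures one minute apart.
    lines = [fmt.format(i, "Failed password for root", "203.0.113.7") for i in range(6)]
    # Slow guesser: five failures 12 minutes apart, never five inside the window.
    lines += [fmt.format(i, "Failed password for invalid user admin", "198.51.100.9")
              for i in (0, 12, 24, 36, 48)]
    lines.append(fmt.format(5, "Accepted password for deploy", "192.0.2.10"))
    return sorted(lines)           # ISO timestamps sort chronologically

if __name__ == "__main__":
    for ip, spans in ban_intervals(sample_log()).items():
        print(ip, [(s.isoformat(), e.isoformat()) for s, e in spans])
```

The slow guesser in the sample is never banned, which shows why the counting window matters as much as the retry count when tuning this kind of rule.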

The world of IDS/IPS software is fairly complicated and, in order to get real benefit from any of them (not just feeling good about having some software installed), you often need a high level of knowledge of the domain and time to configure, watch, maintain, and customize your IDS software.

That said, some of the best IDS/IPS software out there is Bro and Snort. Bro is better but requires more expertise. Snort is simpler and more popular. With most IDSes, you can configure them as IPSes in response to events.

Dialing things back to something much simpler, and a much better starting point if you don't have any firewall yet, services like HeatShield will help you configure a network firewall without needing to do anything from the command line. If you prefer the command line, each Linux distribution has different iptables frontends that their users prefer (for example, ufw on Ubuntu).

The right choice (and combination of choices) depends a lot on how much time and expertise you have.
