By Dustin Weld
What firewall products, open source or commercial, can be deployed on DigitalOcean? I have the need to have a firewall/Nextgen firewall as part of my application stack and need to know if I can do this on DigitalOcean.
Hey, ryanpq, MOD of October 10, 2016, we deserve a better answer by now. It’s 2018 and DigitalOcean should be helping secure the cloud by sharing solid tools they recommend to the public. It’s hard to maintain such a standing on what to use, but we don’t do things because they are easy.
Any news on when you will allow a firewall appliance to be installed from ISO or from a small group of options (pfSense/OPNsense/Sophos)?
You receive full root access for each droplet you create on DigitalOcean and can install just about any software firewall that supports Linux or FreeBSD operating systems. The default firewall on most modern Linux distributions is iptables and this guide can help with the basics. If you’re using Ubuntu or Debian as your operating system the ufw front-end makes managing iptables much easier.
Further protection can be added to iptables by running an instance of fail2ban. This tool helps prevent attackers from gaining access through brute force attacks on your server by automatically adding firewall rules based on criteria (for example, blocking someone for 30 minutes after 5 failed login attempts).
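The ban rule described in the answer above (5 failed logins, then a 30-minute block), modelled over a log as an added example; it is not part of the original answer and is not fail2ban's own code. The 10-minute counting window, the ISO-timestamped sshd log format and the documentation-range addresses are assumptions constructed for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_RETRY = 5                      # failures before a ban (from the answer)
BAN_TIME = timedelta(minutes=30)   # ban length (from the answer)
FIND_TIME = timedelta(minutes=10)  # assumed counting window, not from the page

# Matches OpenSSH "Failed password" lines prefixed with an ISO 8601 timestamp.
FAILED = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: Failed password for (?:invalid user )?\S+ "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

def find_bans(lines):
    """Return [(ip, ban_start, ban_end)] for sources hitting MAX_RETRY in FIND_TIME."""
    recent = defaultdict(deque)   # ip -> failure timestamps still inside the window
    banned_until = {}             # ip -> time the current ban expires
    bans = []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue              # accepted logins and other daemons are ignored
        ts, ip = datetime.fromisoformat(m["ts"]), m["ip"]
        if ip in banned_until and ts < banned_until[ip]:
            continue              # a live firewall rule would already drop this
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > FIND_TIME:
            window.popleft()      # forget failures older than the window
        if len(window) >= MAX_RETRY:
            banned_until[ip] = ts + BAN_TIME
            bans.append((ip, ts, banned_until[ip]))
            window.clear()
    return bans

def _line(ts, ip, user="root"):
    return f"{ts} web1 sshd[4242]: Failed password for {user} from {ip} port 50000 ssh2"

# Constructed sample log, not real traffic: one fast guesser, one slow one.
SAMPLE_LOG = sorted(
    [_line(f"2018-03-01T12:00:0{i}+00:00", "203.0.113.7") for i in range(5)]
    + [_line("2018-03-01T12:10:00+00:00", "203.0.113.7")]  # falls inside the ban
    + [_line(f"2018-03-01T1{i}:00:00+00:00", "198.51.100.9", "invalid user bob")
       for i in range(3, 8)]                               # 5 failures, 1 per hour
    + ["2018-03-01T12:00:09+00:00 web1 sshd[4243]: Accepted publickey for deploy "
       "from 192.0.2.10 port 50001 ssh2"]
)

if __name__ == "__main__":
    for ip, start, end in find_bans(SAMPLE_LOG):
        print(f"ban {ip} from {start.isoformat()} until {end.isoformat()}")
```

The slow source at 198.51.100.9 makes five failed attempts but never trips the rule, which is the practical limit of a per-address threshold: it stops fast guessing, not patient or distributed guessing.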
The world of IDS/IPS software is fairly complicated and, in order to get real benefit from any of them (not just feeling good about having some software installed), you often need a high level of knowledge of the domain and time to configure, watch, maintain, and customize your IDS software.
That said, some of the best IDS/IPS software out there is Bro and Snort. Bro is better but requires more expertise. Snort is simpler and more popular. With most IDSes, you can configure them as IPSes in response to events.
Dialing things back to much simpler and a much better starting point if you don’t have any firewall yet, services like HeatShield will help you configure a network firewall without needing to do anything from the command line. If you prefer the command line, each Linux distribution has different iptables frontends that their users prefer (for example, ufw on Ubuntu).
The right choice (and combination of choices) depends a lot on how much time and expertise you have.