DNS is on our roadmap.

We're working one large feature first that's going to make it even easier to deploy code, then we're going to start on DNS management through our interface.

The firewall sounds interesting and we're going to add it our backlog and begin discussions on that.

I agree, I've found AWS's "Security Groups" good. A firewall for droplets that lets us apply port-based policies to droplets to allow only certain ports would be useful.

If you implement a control-panel based firewall, I will move all of my hosting to you that very day - I'm so far very impressed by the speed at which you appear to be growing and as well funded as you *appear* to be... you may unseat Linode at this pace :)

Thanks for the kind words guys, if there are particular features and/or functionality that you are looking for in terms of Firewall please let us know as it will help us develop our product roadmap.

Thanks,
Moisey
DigitalOcean

For firewall: I'd like to see groups for host IPs (both external host groups and internal host groups) which can be used to assign rules to groups instead of directly on host IPs. (For instance, allow FTP from my house and my brother's house to a predefined subgroup of my internal hosts)

so inbound rule flow could be applied like
external host group -> rule (or rule group!) -> internal host group

Groups of rules would be cool (allow ssh, ftp, etc. all at once) but probably not necessary right off the bat.

And don't forget IPv6 or the fact that some droplet hosts can have more than one IP on them :)

We've updated this request to just reflect Cloud Firewall because DNS has been launched.

Please up-vote if you are interested in a cloud firewall service through the control panel!

Thanks

Firewall yep!

Installing a control panel based firewall rule generator does not take too much disk space. I think Webmin is easy to use and install on any droplet. Maybe it is also a good way, if D.O. includes it in the default images. But... anyway, if someone has a minimal experience with Linux, it should not mean any problem. BTW, Webmin also has a large set of tools, which can help sysadmins.

Not only a basic firewall but also a security wall against sql ingection, xss... (maybe I'm thinking too big...)

SQL injection and XSS attacks are done on sites based on the code quality (or lack thereof) of the site alone. There's no way they could make some magical protection layer for that.

That being said, a firewall offering prior to data hitting our droplets would be nice. It isn't exactly necessary, but I definitely wouldn't mind seeing it.

Managed firewall is a bit tricky and needs to be discussed further because Linux provides great firewall management tools out of the box.

If you want something more complex like SQL injection protection that really isn't a traditional firewall.

It might make the most sense to create a "firewall image"... maybe something like pfSense... and then roll it out after implementing VLANing and internal IP addresses. It could run comfortably on a small VM and would allow a person to use it between their other VPSs and the rest of the internet.

I'd like to see something like Amazon's security groups if possible.

Please provide us a firewall and a DDoS protection. My droplet is under attack and is generating a traffic about 500 kbps.
We need this traffic droped before the droplet. Iptables isn't the best option :(

My vote is for something approximating security groups!

Security groups would be great

I question your judgement regarding DNS being on your roadmap prioritized before firewall / security groups and internal networking and routing among servers. DNS is available everywhere and is trivial to implement. Having a good firewall and secure, isolated mechanism for networking servers internally is prerequisite for any installation. This was actually a deal-breaker for me and I will continue using Amazon for the time being. I will keep my eye out as you provide an excellent value proposition.

Good luck!

will it help using the CloudFlare and/or its pay service?

Some news about firewall?

Definitely want a separate firewall front-end, like Amazon's Security Groups which gives users an easy front-end to create their own firewall rules to their centrally managed firewalls. Attacks against your server would be intercepted before it got to your Droplet and handled by Digital Ocean experts. IP tables and Windows Firewall is good, but I would never expose a Linux or Windows server directly to the Internet again. I did it once with Linux (years ago) and a hacker was able to exploit and install a root kit. Network security requires layers. Some providers give an option of having a separate Cisco firewall for your cloud instance -- I hate that idea as it is expensive and it does not come with central monitoring.