268 Vote

Cloud firewall

Firewall service in the cloud with a nice interface so no need to install extra software on the Droplet.

  • Mac
  • Sep 11 2018
  • Shipped
DigitalOcean General
  • Sep 11, 2018

    Admin response

    Hello everybody. It took some time but we are extremely happy to announce the launch of Cloud Firewalls, an easy way to protect your Droplets. It's available on all regions today and it's free. Please read more details on the link below: https://blog.digitalocean.com/cloud-firewalls-secure-droplets-by-default/ Thanks a lot for sending us feedback and feature requests. Stay tuned for more security-related news in the future. Best regards Rafael
  • Comments (47)
  • Moisey Uretsky commented
    11 Sep, 2018 08:04pm

    DNS is on our roadmap.

    We're working on one large feature first that's going to make it even easier to deploy code, then we're going to start on DNS management through our interface.

    The firewall sounds interesting and we're going to add it to our backlog and begin discussions on that.


  • Kris Forbes commented
    11 Sep, 2018 08:04pm

    I agree, I've found AWS's "Security Groups" good. A firewall for droplets that lets us apply port-based policies to droplets to allow only certain ports would be useful.


  • Ben Daniel commented
    11 Sep, 2018 08:04pm

    If you implement a control-panel based firewall, I will move all of my hosting to you that very day - I'm so far very impressed by the speed at which you appear to be growing and as well funded as you *appear* to be... you may unseat Linode at this pace :)


  • Moisey Uretsky commented
    11 Sep, 2018 08:04pm

    Thanks for the kind words guys, if there are particular features and/or functionality that you are looking for in terms of Firewall please let us know as it will help us develop our product roadmap.

    Thanks,
    Moisey
    DigitalOcean


  • Ben Daniel commented
    11 Sep, 2018 08:04pm

    For firewall: I'd like to see groups for host IPs (both external host groups and internal host groups) which can be used to assign rules to groups instead of directly on host IPs. (For instance, allow FTP from my house and my brother's house to a predefined subgroup of my internal hosts)

    So inbound rule flow could be applied like:
    external host group -> rule (or rule group!) -> internal host group

    Groups of rules would be cool (allow ssh, ftp, etc. all at once) but probably not necessary right off the bat.

    And don't forget IPv6 or the fact that some droplet hosts can have more than one IP on them :)


  • Moisey Uretsky commented
    11 Sep, 2018 08:04pm

    We've updated this request to just reflect Cloud Firewall because DNS has been launched.

    Please up-vote if you are interested in a cloud firewall service through the control panel!

    Thanks


  • Honda commented
    11 Sep, 2018 08:04pm

    Firewall yep!


  • Ferenc Szalkai commented
    11 Sep, 2018 08:04pm

    Installing a control panel based firewall rule generator does not take too much disk space. I think Webmin is easy to use and install on any droplet. Maybe it is also a good way, if D.O. includes it in the default images. But... anyway, if someone has a minimal experience with Linux, it should not mean any problem. BTW, Webmin also has a large set of tools, which can help sysadmins.


  • Honda commented
    11 Sep, 2018 08:04pm

    Not only a basic firewall but also a security wall against SQL injection, XSS... (maybe I'm thinking too big...)


  • Kaidesa commented
    11 Sep, 2018 08:04pm

    SQL injection and XSS attacks are done on sites based on the code quality (or lack thereof) of the site alone. There's no way they could make some magical protection layer for that.

    That being said, a firewall offering prior to data hitting our droplets would be nice. It isn't exactly necessary, but I definitely wouldn't mind seeing it.


  • Moisey Uretsky commented
    11 Sep, 2018 08:04pm

    Managed firewall is a bit tricky and needs to be discussed further because Linux provides great firewall management tools out of the box.

    If you want something more complex like SQL injection protection, that really isn't a traditional firewall.


  • Matt Stanton commented
    11 Sep, 2018 08:04pm

    It might make the most sense to create a "firewall image"... maybe something like pfSense... and then roll it out after implementing VLANing and internal IP addresses. It could run comfortably on a small VM and would allow a person to use it between their other VPSs and the rest of the internet.


  • Josh commented
    11 Sep, 2018 08:04pm

    I'd like to see something like Amazon's security groups if possible.


  • Anonymous commented
    11 Sep, 2018 08:04pm

    Please provide us a firewall and DDoS protection. My droplet is under attack and is generating traffic of about 500 kbps.
    We need this traffic dropped before the droplet. Iptables isn't the best option :(


  • Ben Firshman commented
    11 Sep, 2018 08:04pm

    My vote is for something approximating security groups!


  • Gustavo Gawryszewski commented
    11 Sep, 2018 08:04pm

    Security groups would be great


  • Anonymous commented
    11 Sep, 2018 08:04pm

    I question your judgement regarding DNS being on your roadmap prioritized before firewall / security groups and internal networking and routing among servers. DNS is available everywhere and is trivial to implement. Having a good firewall and a secure, isolated mechanism for networking servers internally is a prerequisite for any installation. This was actually a deal-breaker for me and I will continue using Amazon for the time being. I will keep my eye out as you provide an excellent value proposition.

    Good luck!


  • Matthew Ho commented
    11 Sep, 2018 08:04pm

    Will it help using the CloudFlare and/or its pay service?


  • Ricardo Falasca commented
    11 Sep, 2018 08:04pm

    Some news about firewall?


  • TJH commented
    11 Sep, 2018 08:04pm

    Definitely want a separate firewall front-end, like Amazon's Security Groups, which gives users an easy front-end to create their own firewall rules on their centrally managed firewalls. Attacks against your server would be intercepted before they got to your Droplet and handled by Digital Ocean experts. IP tables and Windows Firewall are good, but I would never expose a Linux or Windows server directly to the Internet again. I did it once with Linux (years ago) and a hacker was able to exploit it and install a rootkit. Network security requires layers. Some providers give an option of having a separate Cisco firewall for your cloud instance -- I hate that idea as it is expensive and it does not come with central monitoring.
