DigitalOcean

Question

How to choose a firewall for my Droplet?

Hello everyone,

I’ve just deployed my first Droplet on DigitalOcean, and I want to ensure it’s secure by setting up a basic firewall. I’m a bit new to this, so I’m looking for advice on the easiest way to set up a firewall to allow only necessary traffic (like SSH and HTTP/HTTPS) while blocking everything else.

Should I use UFW, or is there a better approach? Also, are there any particular rules I should include to ensure that my Droplet is both functional and secure?

Thanks in advance for your help!

Submit an answer


This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

KFSys
Site Moderator
Site Moderator badge
October 7, 2024

Heya,

I’ll be brief, whichever firewall you feel most comfortable with that should be what you choose in my opinion.

For me the easiest is UFW so I would recommend that.

Bobby Iliev
Site Moderator
Site Moderator badge
October 5, 2024

Hey 👋,

Great question! Setting up a firewall is a key step in securing your Droplet, and I’m glad you’re on top of it!

Option 1: UFW (Uncomplicated Firewall)

UFW is a simple and easy-to-use firewall available on Ubuntu, and it’s perfect for most users. Here’s a basic guide to help you get started:

https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu

Option 2: DigitalOcean Cloud Firewalls

Alternatively, you can also manage firewall rules using DigitalOcean’s Cloud Firewalls. These are firewalls you can configure at the network level, and they apply automatically to all the Droplets you assign them to. One big plus is that they filter the network traffic before it ever reaches your server, unlike ufw where the firewall runs on the server itself.

Here’s a basic rundown:

  1. Create a New Firewall – You can create and manage firewalls directly from the DigitalOcean Control Panel under the Networking tab.

  2. Set Rules – You’ll be able to create rules for incoming and outgoing traffic. Similar to UFW, you can allow SSH (port 22), HTTP (port 80), and HTTPS (port 443).

  3. Apply the Firewall to Your Droplet – Once you’ve created the firewall, apply it to your Droplet to enforce the rules.

More detailed information on setting up Cloud Firewalls can be found here:

Let me know how it goes!

- Bobby

Try DigitalOcean for free

Click below to sign up and get $200 of credit to try our products over 60 days!

Sign up

Become a contributor for community

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Sign Up

DigitalOcean Documentation

Full documentation for every DigitalOcean product.

Learn more

Resources for startups and SMBs

The Wave has everything you need to know about building a business, from raising funding to marketing your product.

Learn more

Get our newsletter

Stay up to date by signing up for DigitalOcean’s Infrastructure as a Newsletter.

New accounts only. By submitting your email you agree to our Privacy Policy

The developer cloud

Scale up as you grow — whether you're running one virtual machine or ten thousand.

Get started for free

Sign up and get $200 in credit for your first 60 days with DigitalOcean.*

*This promotional offer applies to new accounts only.

© 2024 DigitalOcean, LLC.Sitemap.