DigitalOcean Introducing Cloud Firewalls with your Droplets for Free

Received this email

We’re excited to announce the release of Cloud Firewalls.

Cloud Firewalls help secure your Droplets and are free to enable. You can define which ports are visible on your Droplets and control which resources can access them. All without having to install and configure more software.

It's designed to be easy to use with groups of resources, scales as you grow, and is perfect for production environments.

Cloud Firewalls are free for all Droplet customers.

To learn more about how to use Cloud Firewalls to secure your applications, be sure to read the announcement blog post. Click below for a product walk through.

https://www.digitalocean.com/community/tutorials/an-introduction-to-digitalocean-cloud-firewalls

Thanked by 1jar

Comments

  • jar Patron Provider, Top Host, Veteran

    I'm pretty excited about it. Being able to custom filter traffic before it reaches the server is a pretty good win :)

  • @jarland said:
    I'm pretty excited about it. Being able to custom filter traffic before it reaches the server is a pretty good win :)

    Cough bgp sessions cough

  • jar Patron Provider, Top Host, Veteran

    GenjiSwitchPls said: Cough bgp sessions cough

    Need a tissue?

    http://www.bleachbit.org/cloth-or-something

  • MikeA Member, Patron Provider

    @jarland said:
    I'm pretty excited about it. Being able to custom filter traffic before it reaches the server is a pretty good win :)

    Huge plus for some people, surprised it didn't happen sooner.

    Thanked by 2jar dwtbf
  • @jarland said:

    GenjiSwitchPls said: Cough bgp sessions cough

    Need a tissue?

    http://www.bleachbit.org/cloth-or-something

    Lost mine...

    Mine took months to arrive due to a shortage, dammit :(

    Thanked by 2jar dwtbf
  • MikePT Moderator, Patron Provider, Veteran

    Does DO have any DDoS protection? What's the policy?

  • jar Patron Provider, Top Host, Veteran
    edited June 2017

    @MikePT said:
    Does DO have any DDoS protection? What's the policy?

    Knowing the kind of attacks people on LET tend to receive, we couldn't tank a lot of them. There is some protection provided, but I feel like it wouldn't meet the needs commonly expressed by users here. The policy beyond that is automated null route.

    Thanked by 1MikePT
  • Fusl Member

    GenjiSwitchPls said: Cough bgp sessions cough

    How does BGP help you filtering traffic before it reaches the server?

  • Xei Member

    I've heard of brief network blips at DO NY for the past week. Don't think anyone ever found a real cause. Does a node get null routed when there's a DoS? Can a neighbor use so many resources that a node overloads? I don't use DO actively but an acquaintance does and it was always rock solid til lately.

  • Now let's just wait for Amazon to have Lightsail be compatible with VPC

  • yomero Member

    @Laxenade said:
    Now let's just wait for Amazon to have Lightsail be compatible with VPC

    Well, it can communicate with your VPC instances. Which is good. Also they have a basic firewall too.

  • Nice, this firewall can reduce some line on VPS itself.

  • jar Patron Provider, Top Host, Veteran
    edited June 2017

    @Xei said:
    I've heard of brief network blips at DO NY for the past week. Don't think anyone ever found a real cause. Does a node get null routed when there's a DoS? Can a neighbor use so many resources that a node overloads? I don't use DO actively but an acquaintance does and it was always rock solid til lately.

    For what it's worth I've not been seeing or hearing about anything like that. I have a lot of droplets in NYC2 and 3, no monitors going off. I'd have many questions for them such as what steps they've taken to troubleshoot thus far, whether they've properly isolated the cause as truly network or if it could be the application layer. Often I hear "down" because an application isn't responding, but no one has tried to ping/trace yet. Happy to expand on that and talk with them about it :)

    Anytime resources are not 100% dedicated (down to NIC, switch, etc) there is a chance of a user causing problems for another user. That's why you want to halt potential abuse at signup and also have fast response to any issues caused. DDOS rarely hits the HV to impact neighbors as it gets detected / filtered / null routed by equipment closer to the edge of the network.

    Thanked by 1vimalware
  • Reminds me I haven't enabled the (external) node firewall on one of my dediserves.

    Why waste cpu cycles on an E5... :)

    Thanked by 1dediserve
  • xaoc Member

    I think that fire in the clouds is called lightning. I may be wrong however. xD

  • I will surely give it a try, seems a nice feature though.

  • Clouvider Member, Patron Provider
    edited June 2017

    @Fusl said:

    GenjiSwitchPls said: Cough bgp sessions cough

    How does BGP help you filtering traffic before it reaches the server?

    It can when it transports flowspec rules, if supported and enabled. ;-).

  • dwtbf Member

    Can DigitalOcean announce BGP?

  • m3gf Member

    @jarland said:
    I'm pretty excited about it. Being able to custom filter traffic before it reaches the server is a pretty good win :)

    DO's system templates are too few.

    E.g. CentOS 6.5/7.1 are not available to choose from the creation panel; that's a disadvantage.

  • Just curious, where are the high CPU plans? since it comes first via email.

  • @vimalware said:
    Reminds me I haven't enabled the (external) node firewall on one of my dediserves.

    Why waste cpu cycles on an E5... :)

    We've only had that feature since 2010 tho ;) :)

  • Clouvider Member, Patron Provider

    @dediserve said:

    @vimalware said:
    Reminds me I haven't enabled the (external) node firewall on one of my dediserves.

    Why waste cpu cycles on an E5... :)

    We've only had that feature since 2010 tho ;) :)

    Not only you :-).

    Thanked by 1dediserve
  • perennate Member, Host Rep
    edited June 2017

    Many providers already have this feature, it would be much more exciting if it was like AWS or OVH where it can be used as DDoS countermeasure (none of the lower end providers support that AFAIK), but see this comment on the blog post:

    Would this work well as anti ddos, like if I block all UDP and get a UDP attack against me will you still block my IP?

    Unfortunately the detection and blackholing happens closer to the border and it isn't affected by Cloud Firewalls, so you might still be blocked. We are considering how we can improve this situation in the future.

    It's still useful, just not really exciting since the feature is so common IMO. (But they say they are looking into it, so it might still happen!)

    Thanked by 1jar
  • bap Member
    edited June 2017

    DOwesome :)
    Love the tagging feature, made them easier to use!
    Could be more awesome if they give rate limiting features :)

  • @jarland said:
    I'm pretty excited about it. Being able to custom filter traffic before it reaches the server is a pretty good win :)

    What is this based on, if you don't mind me asking? Is this a virtual firewall feature of an appliance?

  • jar Patron Provider, Top Host, Veteran
    edited June 2017

    m3gf said: E.g. CentOS 6.5/7.1 are not available to choose from the creation panel; that's a disadvantage.

    Why would you want outdated templates? CentOS 6 & 7 are LTS and the updates between 7.1 and 7.3 would be backports that do not break functionality. They will not be major package version updates.

    @dwtbf said:
    Can DigitalOcean announce BGP?

    Not at this time.

    flatland_spider said: What is this based on, if you don't mind me asking? Is this a virtual firewall feature of an appliance?

    It's completely built in-house.

    Aluminat said: Just curious, where are the high CPU plans? since it comes first via email.

    You can request early access here: https://www.digitalocean.com/products/compute/high-cpu/

  • MikePT Moderator, Patron Provider, Veteran

    @jarland said:

    @MikePT said:
    Does DO have any DDoS protection? What's the policy?

    Knowing the kind of attacks people on LET tend to receive, we couldn't tank a lot of them. There is some protection provided, but I feel like it wouldn't meet the needs commonly expressed by users here. The policy beyond that is automated null route.

    That makes sense. Thank you :)
