
Cloud Firewalls: Secure Droplets by Default in DigitalOcean - bprasanna
https://blog.digitalocean.com/cloud-firewalls-secure-droplets-by-default/
======
terrywang
Hmmm, looks like not many people on HN care about DigitalOcean nowadays. I
guess most people use AWS EC2 (or Lightsail), Linode or Vultr instead.

I've been a long time DO user, 4.5 years. So far so good, especially happy
about the uptime (not like AWS they force you to reboot or start if it is
scheduled for retire). DO has a track record of keeping VM uptime (in my
uprecords I have the following top 5: 555 days, 401 days, 226 days, 170 days),
all reboots were manual due to kernel upgrade (with Ksplice one still needs to
reboot at some stage).

DO keeps delivering new features (load balancer, block storage, monitoring,
firewall etc), although the pace is a bit slow. The competition has never been
so tough, in fact for $5/m DO has the least memory but I am not going to
migrate the existing droplets at this stage.

Back to business: this cloud firewalls - it's an extra layer in front of the
VM's OS level firewall (iptables, pf/ipfw or Windows Firewall?) (similar to
AWS VPC security group) offloads the packet filtering to DO's network
infrastructure, it comes in handy in terms of protecting the VM from DDoS.
Thumb up for it.

~~~
raiyu
[https://news.ycombinator.com/item?id=14497784](https://news.ycombinator.com/item?id=14497784)
Yesterday's thread where the majority of the conversation was

