• Blog
  • Docs
  • Careers
  • Get Support
  • Contact Sales
DigitalOcean
  • Featured AI Products

    Compute

    Build, deploy, and scale cloud compute resources

    Containers and Images

    Safely store and manage containers and backups

    Managed Databases

    Fully managed resources running popular database engines

    Management and Dev Tools

    Control infrastructure and gather insights

    Networking

    Secure and control traffic to apps

    Security

    Help protect your account and resources with these security features

    Storage

    Store and access any amount of data reliably in the cloud

    Browse all products

  • AI/ML

    CMS

    Data and IoT

    Developer Tools

    Gaming and Media

    Hosting

    Security and Networking

    Startups and SMBs

    Web and App Platforms

    See all solutions

  • Community

    Documentation

    Developer Tools

    Get Involved

    Utilities and Help

  • Become a Partner

    Marketplace

  • Pricing
  • Log in
  • Sign up
  • Log in
  • Sign up

Company

  • About
  • Leadership
  • Blog
  • Careers
  • Customers
  • Partners
  • Referral Program
  • Affiliate Program
  • Press
  • Legal
  • Privacy Policy
  • Security
  • Investor Relations

Products

  • GPU Droplets
  • Bare Metal GPUs
  • Inference Engine
  • Data & Learning
  • Evaluations
  • Model Library
  • Droplets
  • Kubernetes
  • Functions
  • App Platform
  • Load Balancers
  • Managed Databases
  • Spaces
  • Block Storage
  • Network File Storage
  • API
  • Uptime
  • Cloud Security Posture Management (CSPM)
  • Identity and Access Management (IAM)
  • Cloudways
  • View all Products

Resources

  • Community Tutorials
  • Community Q&A
  • CSS-Tricks
  • Write for DOnations
  • Currents Research
  • DigitalOcean Startups
  • Wavemakers Program
  • Compass Council
  • Open Source
  • Newsletter Signup
  • Marketplace
  • Pricing
  • Pricing Calculator
  • Documentation
  • Release Notes
  • Code of Conduct
  • Shop Swag

Solutions

  • AI Training GPU
  • GPU Inference
  • VPS Hosting
  • Website Hosting
  • VPN
  • Docker Hosting
  • Node.js Hosting
  • Web Mobile Apps
  • WordPress Hosting
  • Virtual Machines
  • View all Solutions

Contact

  • Support
  • Sales
  • Report Abuse
  • System Status
  • Share your ideas

Company

  • About
  • Leadership
  • Blog
  • Careers
  • Customers
  • Partners
  • Referral Program
  • Affiliate Program
  • Press
  • Legal
  • Privacy Policy
  • Security
  • Investor Relations

Products

  • GPU Droplets
  • Bare Metal GPUs
  • Inference Engine
  • Data & Learning
  • Evaluations
  • Model Library
  • Droplets
  • Kubernetes
  • Functions
  • App Platform
  • Load Balancers
  • Managed Databases
  • Spaces
  • Block Storage
  • Network File Storage
  • API
  • Uptime
  • Cloud Security Posture Management (CSPM)
  • Identity and Access Management (IAM)
  • Cloudways
  • View all Products

Resources

  • Community Tutorials
  • Community Q&A
  • CSS-Tricks
  • Write for DOnations
  • Currents Research
  • DigitalOcean Startups
  • Wavemakers Program
  • Compass Council
  • Open Source
  • Newsletter Signup
  • Marketplace
  • Pricing
  • Pricing Calculator
  • Documentation
  • Release Notes
  • Code of Conduct
  • Shop Swag

Solutions

  • AI Training GPU
  • GPU Inference
  • VPS Hosting
  • Website Hosting
  • VPN
  • Docker Hosting
  • Node.js Hosting
  • Web Mobile Apps
  • WordPress Hosting
  • Virtual Machines
  • View all Solutions

Contact

  • Support
  • Sales
  • Report Abuse
  • System Status
  • Share your ideas
© 2026 DigitalOcean, LLC.Sitemap.
Product updates

Cloud Firewalls: Secure Droplets by Default

author

By Rafael Rosa

  • Published: June 6, 2017
  • 3 min read
<- Back to blog home

When deploying a new application or service, security is always a top concern. The internet is full of malicious actors probing applications for vulnerabilities and sniffing for open ports. Tools like iptables are essential to any developer’s toolkit, but they can be complicated to use, especially when building distributed services. Adding a new Droplet can require updating your configuration across all of your infrastructure.

At DigitalOcean, we are working to make it easier for developers to build applications and deploy them to the cloud by simplifying the infrastructure experience. Today, we’re excited to bring that approach to security with Cloud Firewalls, an easily configurable service for securing your Droplets. It is free to use and designed to scale with you as you grow.

By using Cloud Firewalls, you will have a central location to define access rules and apply them to all of your Droplets. We enforce these rules on our network layer. Unauthorized traffic will not reach your Droplets, and this protection doesn’t consume any resources from your Droplet.

Secure by Default

When using Firewalls, we start from the principle of least privilege—only the ports and IPs explicitly defined by you will be accessible. Any packet that doesn’t fit the rules will be dropped before it reaches your Droplet. A simple Firewall that would only allow HTTP, SSH, and ICMP connections from any source would need three rules:

Create Firewall screenshot

If someone tried to access this Droplet on any other port—say FTP using port 21—they would receive a timeout because Firewalls filtered out the traffic.

Easy to Configure

We’ve designed Firewalls to be easy to configure. Your source and destination rules can specify individual Droplets by name, Load Balancers, IP ranges, and even sets of Droplets by using Tags.

Outbound rules screenshot

For finer-grained control, you can also apply multiple Firewalls to a Droplet. This allows you to keep rules for different concerns in different Firewalls. For example, you could create one Firewall called webapp-firewall, that allows only HTTP on port 80, and another called admin-firewall, that allows SSH and ICMP from only a specific IP. Our service will combine their rules and enforce them together.

Beyond the Control Panel, you can manage your Firewalls on the command line with doctl or automate using our RESTful API or our Go and Ruby API client libraries. Expect more integrations to come along soon, thanks to our amazing community.

Works at Scale

Even without automation, Firewalls makes it much easier to secure distributed applications with large numbers of resources. You can leverage tagging to group and organize any number of Droplets, and use them to define how each group of Droplets is secured by Firewalls.

Inbound rules screenshot

For example, you could create a Firewall called db-firewall and only allow inbound connections from all Droplets tagged frontend, securing your database from unauthorized access. If you add this tag to more Droplets, they will automatically be recognized by our system and be whitelisted by this rule.

Getting Started

Whether you’re ready to dive in and create your first Firewall or you just want to learn more, check out these tutorials on our Community site for all the details and some best practices:

  • How to Create Your First DigitalOcean Firewall
  • An Introduction to DigitalOcean Firewalls
  • How to Organize DigitalOcean Firewalls

We can’t wait to hear your feedback. It helps guide us as we continue to work on making your infrastructure more secure and easier to manage at scale. Let us know what you think in the comments below, and stay tuned for major network security improvements later this year.

About the author

Rafael Rosa
Rafael Rosa
Author

Share

  • Product Updates

Start building today

From GPU-powered inference and Kubernetes to managed databases and storage, get everything you need to build, scale, and deploy intelligent applications.
Sign up

Related Articles

DigitalOcean Evaluations: Production Model and Router Testing for the Inference Stack
Product updates

DigitalOcean Evaluations: Production Model and Router Testing for the Inference Stack

Grace Morgan
  • July 1, 2026
  • 3 min read

Read more

Run Codex in the cloud – DigitalOcean for Codex is now available
Product updates

Run Codex in the cloud – DigitalOcean for Codex is now available

Ari Sigal
  • June 25, 2026
  • 3 min read

Read more

Server-Side Tools Are Now Available for DigitalOcean Inference Engine
Product updates

Server-Side Tools Are Now Available for DigitalOcean Inference Engine

Grace Morgan
  • June 17, 2026
  • 3 min read

Read more