DigitalOcean

Report this

What is the reason for this report?
Question

Can I use DO private networks work to limit ssh access

Posted on March 3, 2022
DigitalOcean Cloud Firewalls
Networking
Firewall
bryangilbert

By bryangilbert

I’ll be creating six Droplets (Debian) with both UFW and DO firewalls all to run a copy of a web service. I will also create one droplet to manage these servers. Can I set the firewalls for the servers to accept incoming requests on HTTP/HTTPs only on their public IPs and accept ssh only on their private IP address and only from my managing server (via a domain name of course)

If so then I’ll set the managing server’s firewall to only accept incoming SSH from a limited number of IPs that I own elsewhere. I’ll ssh onto the manager and then ssh from there to the web servers. This way the only access to the web servers will be via HTTP/HTTPs.

If the above is possible does anyone know where I can find an example UFW configuration showing how to work with the DO private networks?



This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
0
Bobby
Bobby
March 3, 2022

Hi there,

Indeed, what you could do is to close down port 22 for all IP addresses and only allow the ones that you want to have access to the server.

You can allow a specific IP by running:

ufw allow your_ip_here

Alternatively, if you already have a Cloud Firewall, you can use it as well as it also affects both public and VPC network traffic. Rules specific to either must specify the public or private IP range.

Hope that this helps!

Best,

Bobby

0
KFSys
KFSys
March 6, 2022

Hi @bryangilbert,

Yes, you can use it as you’ve intended. You can use it exactly to affect both public and private network traffic.

I take it you are talking about the following, correct:

https://docs.digitalocean.com/products/networking/firewalls/

Alternatively, you can use your normal Firewall whether it’s UFW or just plain IPtables on your Droplets to replicate the same setup.

Become a contributor for community

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Sign Up

DigitalOcean Documentation

Full documentation for every DigitalOcean product.

Learn more

Resources for startups and AI-native businesses

The Wave has everything you need to know about building a business, from raising funding to marketing your product.

Learn more

Get our newsletter

Stay up to date by signing up for DigitalOcean’s Infrastructure as a Newsletter.

New accounts only. By submitting your email you agree to our Privacy Policy

The developer cloud

Scale up as you grow — whether you're running one virtual machine or ten thousand.

Get started for free

Sign up and get $200 in credit for your first 60 days with DigitalOcean.*

*This promotional offer applies to new accounts only.

© 2026 DigitalOcean, LLC.Sitemap.