My question is the same as https://www.digitalocean.com/community/questions/digital-ocean-load-balancer-firewall-how-to-apply.
I have tried adding --allowlist
cidr https://www.cloudflare.com/ips/ in the Load Balancer firewall but my app is not running, there should be something that cannot be accessed.
I suspect I haven’t added the internal IP droplet but when I added CIDR 10.xxx.0.0/16’ the error Firewall rule containing CIDR '10.xxx.0.0/16' is invalid
"appears.
I added --alowlist
internal ip DO also doesn’t work.
Please help me. thank you
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Sign up for Infrastructure as a Newsletter.
Working on improving health and education, reducing inequality, and spurring economic growth? We'd like to help.
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
Hey,
Cloud Firewalls in DigitalOcean are designed to manage external access to your droplets and typically don’t support CIDR ranges that are reserved for private networks, like
10.0.0.0/8
,172.16.0.0/12
, and192.168.0.0/16
. This could explain why you’re encountering the error message “firewall rule containing cidr ‘10.130.0.0/16’ is invalid”.DigitalOcean’s Cloud Firewalls are stateful and network-based, and they block all traffic not expressly permitted by a rule. Unfortunately, they may not be the right tool for managing internal traffic between droplets or services within a private network. For internal traffic management, you might need to use a different approach, such as configuring
iptables
orufw
directly on your Droplets.Regarding the allowlisting of Cloudflare IPs, if your application is not working properly after this configuration, there could be various reasons. It might be due to other firewall rules that are conflicting or due to issues unrelated to the firewall settings, such as application configuration or network issues.
Did you try allowing all of the IPn ranges from that Cloudflare page?
If you need to manage access between your Droplets internally, consider setting up firewall rules directly on the droplets themselves using
iptables
orufw
. This approach allows for more granular control over internal traffic.Best,
Bobby