I’ve assigned a Reserved IP to one of my Droplets and want to block specific ports (80 and 443) on the Public IP for security purposes. If I use a tool like `ufw` to close these ports on the Public IP, will it also impact the Reserved IP? Or does the Reserved IP use an internal 10.0.0.0/8 subnet to connect to the Droplet?
Hey there!
When you attach a Reserved IP to a Droplet on DigitalOcean, that Reserved IP essentially behaves as a public IP. It doesn’t rely on an internal `10.0.0.0/8` private network to reach your Droplet—so it’s not like the private IP addresses used for VPC networking.
What this means in practice is that any firewall rule that you set up on the Droplet with `ufw` (or any other firewall tool) will apply to both the primary public IP and the Reserved IP. If you decide to block ports `80` and `443` on your Droplet’s firewall, inbound traffic on those ports will be blocked regardless of which public IP address (the original or the Reserved IP) traffic is hitting.
For example, if you want to block ports `80` and `443` via `ufw`, you’d run:
After applying these rules, neither your primary public IP nor your Reserved IP will allow inbound connections on ports 80 or 443.
Alternatively, you could leverage DigitalOcean’s Cloud Firewalls for simpler management. You can create rules to block or allow traffic at the network level before it even hits your Droplet. It’s free and easy to set up: 🔗 DigitalOcean Cloud Firewalls
Hope that this helps!
- Bobby
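
A `ufw` deny rule that names no destination address matches traffic arriving on any of the Droplet's addresses, while one written with `to <address>` covers only that address. The script below is an added example, not part of the answer above: `deny_scope` is a hypothetical helper that reads plain `ufw status` output and reports which of the two cases applies to a port, and the sample output and the `203.0.113.10` address are constructed placeholders.

```shell
#!/usr/bin/env bash
# Two ways to write the deny rule (address is a documentation-range placeholder):
#   sudo ufw deny 80/tcp                               # no destination: every local address
#   sudo ufw deny proto tcp to 203.0.113.10 port 443   # only traffic sent to that address

# Constructed sample of plain `ufw status` output, not taken from a real Droplet.
SAMPLE_STATUS='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
80/tcp                     DENY        Anywhere
203.0.113.10 443/tcp       DENY        Anywhere
80/tcp (v6)                DENY        Anywhere (v6)'

# deny_scope PORT  (hypothetical helper; reads `ufw status` text on stdin)
# Prints one word:
#   all    - a DENY rule from Anywhere with no destination address exists
#   scoped - the only DENY rules for PORT are pinned to a destination address
#   none   - no DENY rule from Anywhere mentions PORT
deny_scope() {
  awk -v port="$1" '
    BEGIN { result = "none" }
    {
      # Locate the Action column; rows without DENY (headers, ALLOW) are skipped.
      act = 0
      for (i = 1; i <= NF; i++) if ($i == "DENY") { act = i; break }
      # Rules limited to one source address do not close the port to everyone.
      if (!act || $(act + 1) != "Anywhere") next
      # Port spec in the first column means no destination address was given.
      if ($1 == port || $1 == (port "/tcp")) { result = "all"; exit }
      # Port spec after an address means the rule is pinned to that address.
      for (i = 2; i < act; i++)
        if ($i == port || $i == (port "/tcp")) result = "scoped"
    }
    END { print result }
  '
}

# On the Droplet: sudo ufw status | deny_scope 443
for p in 80 443 22; do
  printf '%s: %s\n' "$p" "$(printf '%s\n' "$SAMPLE_STATUS" | deny_scope "$p")"
done
```

A result of `scoped` means the port is still reachable through any address the rule does not name.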