I’ve assigned a Reserved IP to one of my Droplets and want to block specific ports (80 and 443) on the Public IP for security purposes. If I use a tool like ufw to close these ports on the Public IP, will it also impact the Reserved IP? Or does the Reserved IP use an internal 10.0.0.0/8 subnet to connect to the Droplet?
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Become a contributor for community
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
DigitalOcean Documentation
Full documentation for every DigitalOcean product.
Resources for startups and SMBs
The Wave has everything you need to know about building a business, from raising funding to marketing your product.
The developer cloud
Scale up as you grow — whether you're running one virtual machine or ten thousand.
Get started for free
Sign up and get $200 in credit for your first 60 days with DigitalOcean.*
*This promotional offer applies to new accounts only.
Hey there!
When you attach a Reserved IP to a Droplet on DigitalOcean, that Reserved IP essentially behaves as a public IP. It doesn’t rely on an internal
10.0.0.0/8private network to reach your Droplet—so it’s not like the private IP addresses used for VPC networking.What this means in practice is that any firewall rule that you set up on the Droplet with
ufw(or any other firewall tool) will apply to both the primary public IP and the Reserved IP. If you decide to block ports80and443on your Droplet’s firewall, inbound traffic on those ports will be blocked regardless of which public IP address (the original or the Reserved IP) traffic is hitting.For example, if you want to block ports
80and443viaufw, you’d run:After applying these rules, neither your primary public IP nor your Reserved IP will allow inbound connections on ports 80 or 443.
Alternatively, you could leverage DigitalOcean’s Cloud Firewalls for simpler management. You can create rules to block or allow traffic at the network level before it even hits your Droplet. It’s free and easy to set up: 🔗 DigitalOcean Cloud Firewalls
Hope that this helps!
- Bobby