Question
I'm blocking connections from all IP's accept my home IP. Which IP's should I allow for Digital Ocean?
- Posted on December 10, 2016
- SecurityUbuntu
Asked by email48e0b1e05fdd57672a289
I saw some unwanted logins and decided that I will block all traffic accept from my home and locations I trust. I’m using hosts.allow and hosts.deny to achieve this. I need to know the range of IP’s that Digital Ocean may use to login to my droplet for maintenance reasons.
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Want to learn more? Join the DigitalOcean Community!
Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.
I do not think Digital Ocean needs to login to your droplet for any reason. They have access to the physical machines, which is as far as their maintenance goes.
You should consider spending a day getting to know IPTables, which will give you better control over this sort of thing.
With IPTables, you can lock down specific ports (like your ssh port) for only your IP, and leave your web ports (80 and 443) open for public (if you have a web-server)
It took me about a day to wrap my head around IPTables, but once I had the basic idea I have a much easier time locking my droplets.