I was wondering if we can limit access to our droplets to certain IP’s. Let’s say I’m at home and I only want my droplet to allow access from my home’s public wan IP address.
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
×Hey friend!
This can be done with a firewall. It gets more complex if your IP changes though. Let’s say my IP is 1.1.1.1 and I want that to be the only IP accessing the server. This would do it:
iptables -I INPUT -s 1.1.1.1 -j ACCEPT
iptables -A INPUT -j DROP
Firewall rules are read from the top down, so I inserted the allow for 1.1.1.1 and then appended under it a rule to drop any connections not allowed by a rule above it. I could add 2.2.2.2 to it anytime with this:
iptables -I INPUT -s 2.2.2.2 -j ACCEPT
But if your IP isn’t there and you lose your IP, you’re locked out from anything but our web console.
Jarland
Hello, all
In order to secure your droplet you can use UFW and limit the access to the server to only certain IPs and also allow/deny ports as well.
UFW, or Uncomplicated Firewall, is an interface to iptables that is geared towards simplifying the process of configuring a firewall. While iptables is a solid and flexible tool, it can be difficult for beginners to learn how to use it to properly configure a firewall. If you’re looking to get started securing your network, and you’re not sure which tool to use, UFW may be the right choice for you.
For Ubuntu 16.04 you can check this article:
https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu-16-04
And for more up to date version of Ubuntu here:
https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu-20-04
Hope that this helps!
Regards,
Alex
Question