Limit the access to my site to a single dynamic IP

I have an Ubuntu instance running on AWS, and from their control panel or mobile app I can update the only IP I want to be able to access the website on ports 80 and 22, which is my home IP. It is dynamic, so 2 or 3 times a week it changes automatically and I log in to update that rule. Therefore I don't make any changes in iptables or nginx. I haven't subscribed to DigitalOcean yet, so I'm here trying to figure out whether this is also that easy to configure here.

Thanks for any support.



YouTube tutorial on how to whitelist an IP address with Digital Ocean's firewall:

You can use their firewall and add a range of IPs such as so your ISP might give you a dynamic IP within a certain range, so you can whitelist that range with their firewall, and the above YouTube tutorial will show how to do that.

I find this question confusing. Is the goal to connect to AWS, or is the goal to set up some service on Digital Ocean?

If you set up a Digital Ocean droplet on FreeBSD, logins use a key rather than a password.

I assume you would have to set up some sort of dynamic DNS scheme. Personally I don't like to do anything that I can't control 100%, so that would be a show stopper for me. That is, I wouldn't want to lock myself out.

There is nothing wrong with being paranoid, but I would set up an OAuth scheme to lock out hackers rather than a firewall. Now that said, I have significant firewall blocking on some of my ports. For instance, geographical blocking on all email ports other than 25. I don't have a reason to retrieve my email from, say, Kazakhstan, hence I block that country. This snares many a hacker.

You could whitelist your ISP, but IP space is bought and sold and hence dynamic. You could set up port knocking detection:

My point is locking yourself out of your VPS is a situation where no one can save you. I’d rsync to another service so at least you don’t lose your data.


Currently, DigitalOcean doesn’t provide a means to limit connections to a single IP or IP range without using a solution within the Droplet (i.e. a firewall, whether ufw or iptables). You’d have to configure this on your own once the Droplet is deployed and live.
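
One way to combine the dynamic DNS idea and the in-Droplet firewall mentioned in the answers, as an added example that is not part of any post in this thread. It assumes ufw, a dynamic-DNS hostname you control (`home.example.net` is a placeholder), a hypothetical state file path, and a root cron job that calls the script with `--apply`.

```shell
#!/bin/sh
# Added example. Assumptions, none from the thread: a dynamic-DNS name you
# control, a state file path, ufw as the in-Droplet firewall, run as root by cron.
DDNS_HOST="home.example.net"        # hypothetical DDNS hostname
STATE="/var/lib/home-ip.current"    # hypothetical state file
PORTS="22 80"                       # the two ports from the question

# Accept only a dotted-quad IPv4 address with every octet in 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# Print the ufw commands that move the allow rules from OLD to NEW.
# Allows come before deletes, so SSH is never closed to both addresses.
plan_rules() {
    old=$1; new=$2
    is_ipv4 "$new" || { echo "refusing non-IPv4 value: $new" >&2; return 1; }
    [ "$old" = "$new" ] && return 0
    for p in $PORTS; do
        echo "ufw allow proto tcp from $new to any port $p"
    done
    if is_ipv4 "$old"; then
        for p in $PORTS; do
            echo "ufw delete allow proto tcp from $old to any port $p"
        done
    fi
}

# Resolve, apply, record. Does nothing unless invoked with --apply.
if [ "${1:-}" = "--apply" ]; then
    new_ip=$(getent ahostsv4 "$DDNS_HOST" | awk 'NR==1 {print $1}')
    old_ip=$(cat "$STATE" 2>/dev/null || true)
    plan=$(plan_rules "$old_ip" "$new_ip") || exit 1
    if [ -n "$plan" ]; then
        echo "$plan" | sh && echo "$new_ip" > "$STATE"
    fi
fi
```

The allowlist is only as trustworthy as the DNS answer: whoever controls the dynamic-DNS account decides which address gets ports 22 and 80, so key-based SSH logins still matter behind this rule.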