Which IP (blocks?) do I need to allow through my firewall for Drople Console?

I some additional research on this topic. While we don’t know which IP’s to allow for the droplet console, you can still limit the IP’s safely.

Why? DO offers a recovery console that acts like a direct attached keyboard and mouse. So you can restrict IP access to your ssh server, and even if you mess up and block yourself from connecting, you can still use the recovery console to regain access.

Please mark this comment as the answer to this thread.

I have this question, too. I run a VPN on my droplets, so I only want ssh access via the VPN network. But I want to allow Web console to work in case I lock myself out.

I logged into my Droplet today using the Web console and the IP shows as “162.243.188.66” , but there could be more IP addresses that need to be allowed.

You’d think DO would share this IP address list or range with their users in the interests of security.

Hi @solitaryr,

Regarding the Web Console, you shouldn’t be having issues or needing to allow anything on the Droplet.

Having said that, unless you’ve changed anything in the /etc/ssh/sshd_config file, your Droplet can be accessed only by the Web Console or with SSH key so opening the port 22 shouldn’t be a problem.

Additionally, you can allow port 22 only for your IP address and use PuTty to do so.