DigitalOcean Cloud Firewalls

Cloud Firewalls, available at no charge, allow you to secure your DigitalOcean infrastructure by blocking traffic before it ever reaches your Droplets. These tutorials explain how to create, organize and troubleshoot DigitalOcean Cloud Firewalls.

DigitalOcean Cloud Firewalls subscription active
You will receive email notifications for new publications on DigitalOcean Cloud Firewalls.
82 Results
  • Tutorial

    How To Import Existing DigitalOcean Assets into Terraform

    Terraform is an infrastructure as code tool created by HashiCorp that helps developers with deploying, updating, and removing different assets of their infrastructure in an efficient and more scalable way. In this tut...
    By ivanderz Terraform DigitalOcean Cloud Firewalls
  • How To Configure a Secure Web App Infrastructure with DigitalOcean Cloud Firewalls

    In this tutorial, we will adapt a two-server Wordpress and MySQL setup to use Cloud Firewalls, and demonstrate some of the advantages this service can provide.
    By Brian Boucheron DigitalOcean Firewall DigitalOcean Cloud Firewalls Ubuntu Ubuntu 16.04
  • How To Secure Web Server Infrastructure With DigitalOcean Cloud Firewalls Using Doctl

    Even though you can configure Cloud Firewalls through the DigitalOcean Control Panel, when you have a lot of Droplets to manage, need to script out a process, or just prefer working from the terminal, a command-line i...
    By Marko Mudrinić DigitalOcean Firewall LAMP Stack DigitalOcean Cloud Firewalls
  • Tutorial

    DigitalOcean Blueprints: Getting Up and Running with Node.js, MySQL Replication, and Cachet

    DigitalOcean Blueprints provide you with fast and flexible infrastructure to support you as you scale. You can leverage and incorporate Blueprints as part of your development workflow to spend more time crafting code ...
    By Kathleen Juell Blueprint DigitalOcean DigitalOcean Cloud Firewalls Block Storage Node.js MySQL Ansible Solutions Terraform Automated Setups Databases
  • Question

    Port 3306 blocked even though do, ufw, and iptables are configured to allow.

    I am trying to remotely connect to my mysql instance and have been unsuccessful. ufw shows port 3306 open iptables is not configured and the droplet firewall shows that it should be allowed. I have confirmed that my i...
    Accepted Answer: Hi there @damianyates, It sounds like that your MySQL service might be binding only on and if you want to access MySQL from the outside world, you need to change this to To check if this i...
    2 By damianyates MySQL DigitalOcean Cloud Firewalls Firewall
  • Question

    When will NYC1 datacenter be PCI compliant?

    My droplets are in NYC1 data center, but I need my solution to be PCI compliant. Do I have to move them to NYC2 or NYC3? They are all setup with firewall rules, private networking, volumes mounted, etc. Not a small...
    Accepted Answer: Hello, @jeff93eceb16c6f If you are able to wait a couple months, I would recommend holding off on transferring your resources over to NYC2 or NYC3. PCI Compliance paperwork for NYC1 has hit some COVID-related delays,...
    1 By jeff93eceb16c6f DigitalOcean DigitalOcean Cloud Firewalls
  • Question

    firewall for wireguard vpn server

    So i installed wireguard using this automated installer, and now i am trying to make the server more secure by using digitalocean firewall and i do not really know how to confi...
    Accepted Answer: WireGuard uses a different port than SSH, so your firewall is blocking its traffic. You need to allow the UDP port used by your WireGuard server; the default is 51820.
    1 By menghoe Ubuntu 18.04 VPN DigitalOcean Cloud Firewalls Firewall
  • Question

    cannot connect to a port

    My droplet has debian os. I have a java application running which tries to exchange data with remote similar applications. This data exchange has previously worked across remote environments where each node has been a...
    Accepted Answer: Hello, It sounds like that your Java app is binding to rather than so that's why you can only access it locally from the server itself. To check if this is true you can run: netstat -plant...
    1 By stewartvince DigitalOcean Cloud Firewalls
  • Question

    Cloue Firewall: How to open port 6002 for Websockets?

    In my Inbound Rules I've set these rules: Type: Custom Protocol: TCP Portrange: 6002 for IPv4 and 6 But still if I go to my port is still closed! Any ideas? I don't use the local firewall onl...
    Accepted Answer: Hello, @avidofood If you're running on Ubuntu droplet you can try to open the port on ufw and then to disable it again. I had a similar issue and this helped. sudo ufw allow 6002 sudo ufw disable Is you're applicat...
    1 By avidofood DigitalOcean Cloud Firewalls
  • Question

    Remote Mysql fail to connect - Tried everything I can think of.

    So I am going to walk you through everything I have done since I created this. Since this is a test before I run it for production. ssh in, change root password adduser (new user added) usermod -aG sudo (new user) ufw...
    Accepted Answer: I was unable to resolve this issue. Removing the droplet and closing ticket. Anyone that is curious all steeps I have taken are listed above. It is replicate-able by simply following those steeps.
    4 By quentinpidcock MySQL DigitalOcean Cloud Firewalls Firewall Databases DNS Ubuntu 18.04
  • Question

    Why do my inbound rules keep resetting

    I have created a Kubernetes Cluster. All works fine, however I needed to add an inbound rule to the firewall that it created in order to allow HTTPS. But after a while my rules keep resetting and my added HTTPS rule ...
    Accepted Answer: Hi there! The cloud resources(volumes/Load Balancers/Firewall) created by DOKS are not intended to be manually modified/renamed. If there are manual modifications made to a cloud resource's settings, the reconciler wi...
    2 By raduachim DigitalOcean Cloud Firewalls Kubernetes
  • Question

    Removing Multiple Firewall Rules Fails with 422 Unprocessable Entity

    Hello, I'm attempting to remove multiple rules from a DO firewall using the API but I keep getting a 422 response. Given the following firewall definition: { "firewall": { "id": "[REDACTED]", "name": "test-...
    Accepted Answer: Thanks for the reply Bobby, but after sleeping on this I've come to a solution. The problem is that a DO firewall isn't valid if it has no rules (inbound or outbound). When running my first request to delete all inbou...
    2 By alehman DigitalOcean API DigitalOcean Cloud Firewalls
  • Question

    Block single IPs in cloud firewall, is it possible?

    Hello, I am looking for an option to block single IPs in the Cloud Firewall, is this possible?
    Accepted Answer: Hi there @Geekologist, Unfortunately, this isn't possible with the cloud firewall. You are welcome to suggest this as an idea on our product ideas board: You may, however, be able to ac...
    2 By Geekologist DigitalOcean DigitalOcean Cloud Firewalls
  • Question

    Allowing upgrades on a server (ports 80 and 443 are open but still can't run apt installs)

    Hello, I have a droplet set up as follows: module "bastion_server" { ipv6 = "false" region = "nyc1" private_networking = "false}" name ...
    Accepted Answer: Hi there, Try to open port 53 for DNS. The address lookups for package repos probably isn't happening. If it still doesn't work, give some morer logs ;)
    1 By myprogramingnotes DigitalOcean Cloud Firewalls Ubuntu 18.04
  • Question

    Cloud Firewall setup for backend data processing server

    My app uses custom generated data that is stored in my DB and is then served to the visitors. That's handled by a Nginx webserver on one droplet (D1) and a MongoDB on another droplet (D2). To push new data into the DB...
    Accepted Answer: Greetings! Great question. If you're reaching out to the API to request the data, it will be handled over the outbound connection. It's all about the opening of the connection rather than the direction in which the tr...
    1 By multispoke DigitalOcean Cloud Firewalls Ubuntu
  • Question

    cann't connect droplets(Ubantu) with ssh(putty) on windows

    I have generate the ssh with putty and upload it to my account, but I cannot connect my droplets still.I set as the same as the guide(|ka21N000000Cp7TQAS), but it will apea...
    Accepted Answer: Hey friend, It sounds like password login is disabled, and this droplet uses SSH keys. It also sounds like PuTTY may not be using your private key, thus resulting in a situation in which the server offers no connectio...
    1 By whulixiya DigitalOcean Cloud Firewalls VPN Ubuntu 16.04
  • Question

    How to prevent packet loss of intentionally spoofed packets?

    I have 3 nodes setup on digital ocean, one as a load balancer+reverse proxy(Server A) & the other two as my upstream servers(Servers B). I have gsm devices sending data over UDP to Server A. To preserve the devices' ...
    Accepted Answer: Hey friend, This is correct, we do drop all spoofed packets. IP spoofing has a very bad history of abuse on the internet, and we've taken a position similar to most network service providers on this issue. While your ...
    1 By kilailawrence94 Nginx DigitalOcean Cloud Firewalls Ubuntu 18.04
  • Question

    Kuberenetes Firewalling the management API

    Hi all, I'm quite familiar with DO, Kubernetes and coreos ( used to deploy ETCD clusters on DO using Ansible + API). I'm looking at using DO to host an test K8 cluster, and am looking to 'lock down' the management API...
    Accepted Answer: Hey friend, you're correct, we're providing a managed Kubernetes product (our short hand for it is DOKS 👍🏼 ) so there's no access to the management layer: Hope th...
    1 By debesteben API Kubernetes DigitalOcean Cloud Firewalls CoreOS
  • Question

    Hey, I've used DigitalOcean with Vesta frm Last 2 Yrs, I was accessing the Vesta using 8083 from browser but frm last Night It's not working

    Distribution: UBUNTU 14.04 Control Panel: VESTACP (Apache + Ngnix) http://MYIP:8083 Not Working (Connection Refused)
    Accepted Answer: look at my questions hope he...
    3 By sidjoshi2907 DigitalOcean Cloud Firewalls Ubuntu
  • Question

    Local Connections with DigitalOcean Firewall enabled

    I created a DigitalOcean Cloud Firewall for a few of my droplets, allowing access to ports 22, 80, and 443. I'm running a Docker Swarm with Traefik as a proxy, but Traefik needs to access ports other than 22, 80, and ...
    Accepted Answer: The cloud firewall should only block connections coming in on your public interface. A local firewall can be used if needed to restrict access on the local/private network.
    1 By joelbond DigitalOcean Cloud Firewalls Ubuntu 18.04