DigitalOcean Cloud Firewalls

Cloud Firewalls, available at no charge, allow you to secure your DigitalOcean infrastructure by blocking traffic before it ever reaches your Droplets. These tutorials explain how to create, organize and troubleshoot DigitalOcean Cloud Firewalls.

DigitalOcean Cloud Firewalls subscription active
You will receive email notifications for new publications on DigitalOcean Cloud Firewalls.
74 Results
  • Question

    firewall for wireguard vpn server

    So i installed wireguard using this automated installer https://github.com/Nyr/wireguard-install, and now i am trying to make the server more secure by using digitalocean firewall and i do not really know how to confi...
    Accepted Answer: WireGuard uses a different port than SSH, so your firewall is blocking its traffic. You need to allow the UDP port used by your WireGuard server; the default is 51820.
    1 By menghoe Ubuntu 18.04 VPN DigitalOcean Cloud Firewalls Firewall
  • Question

    cannot connect to a port

    My droplet has debian os. I have a java application running which tries to exchange data with remote similar applications. This data exchange has previously worked across remote environments where each node has been a...
    Accepted Answer: Hello, It sounds like that your Java app is binding to 127.0.0.1:4000 rather than 0.0.0.0:4000 so that's why you can only access it locally from the server itself. To check if this is true you can run: netstat -plant...
    1 By stewartvince DigitalOcean Cloud Firewalls
  • Question

    Cloue Firewall: How to open port 6002 for Websockets?

    In my Inbound Rules I've set these rules: Type: Custom Protocol: TCP Portrange: 6002 for IPv4 and 6 But still if I go to https://ping.eu/port-chk/ my port is still closed! Any ideas? I don't use the local firewall onl...
    Accepted Answer: Hello, @avidofood If you're running on Ubuntu droplet you can try to open the port on ufw and then to disable it again. I had a similar issue and this helped. sudo ufw allow 6002 sudo ufw disable Is you're applicat...
    1 By avidofood DigitalOcean Cloud Firewalls
  • Question

    Why do my inbound rules keep resetting

    I have created a Kubernetes Cluster. All works fine, however I needed to add an inbound rule to the firewall that it created in order to allow HTTPS. But after a while my rules keep resetting and my added HTTPS rule ...
    Accepted Answer: Hi there! The cloud resources(volumes/Load Balancers/Firewall) created by DOKS are not intended to be manually modified/renamed. If there are manual modifications made to a cloud resource's settings, the reconciler wi...
    2 By raduachim DigitalOcean Cloud Firewalls Kubernetes
  • Question

    Remote Mysql fail to connect - Tried everything I can think of.

    So I am going to walk you through everything I have done since I created this. Since this is a test before I run it for production. ssh in, change root password adduser (new user added) usermod -aG sudo (new user) ufw...
    Accepted Answer: I was unable to resolve this issue. Removing the droplet and closing ticket. Anyone that is curious all steeps I have taken are listed above. It is replicate-able by simply following those steeps.
    4 By quentinpidcock MySQL DigitalOcean Cloud Firewalls Firewall Databases DNS Ubuntu 18.04
  • Question

    Removing Multiple Firewall Rules Fails with 422 Unprocessable Entity

    Hello, I'm attempting to remove multiple rules from a DO firewall using the API but I keep getting a 422 response. Given the following firewall definition: { "firewall": { "id": "[REDACTED]", "name": "test-...
    Accepted Answer: Thanks for the reply Bobby, but after sleeping on this I've come to a solution. The problem is that a DO firewall isn't valid if it has no rules (inbound or outbound). When running my first request to delete all inbou...
    2 By alehman DigitalOcean API DigitalOcean Cloud Firewalls
  • Question

    Block single IPs in cloud firewall, is it possible?

    Hello, I am looking for an option to block single IPs in the Cloud Firewall, is this possible?
    Accepted Answer: Hi there @Geekologist, Unfortunately, this isn't possible with the cloud firewall. You are welcome to suggest this as an idea on our product ideas board: https://ideas.digitalocean.com/ You may, however, be able to ac...
    2 By Geekologist DigitalOcean DigitalOcean Cloud Firewalls
  • Question

    Allowing upgrades on a server (ports 80 and 443 are open but still can't run apt installs)

    Hello, I have a droplet set up as follows: module "bastion_server" { ipv6 = "false" region = "nyc1" private_networking = "false}" name ...
    Accepted Answer: Hi there, Try to open port 53 for DNS. The address lookups for package repos probably isn't happening. If it still doesn't work, give some morer logs ;)
    1 By myprogramingnotes DigitalOcean Cloud Firewalls Ubuntu 18.04
  • Question

    Cloud Firewall setup for backend data processing server

    My app uses custom generated data that is stored in my DB and is then served to the visitors. That's handled by a Nginx webserver on one droplet (D1) and a MongoDB on another droplet (D2). To push new data into the DB...
    Accepted Answer: Greetings! Great question. If you're reaching out to the API to request the data, it will be handled over the outbound connection. It's all about the opening of the connection rather than the direction in which the tr...
    1 By multispoke DigitalOcean Cloud Firewalls Ubuntu
  • Question

    cann't connect droplets(Ubantu) with ssh(putty) on windows

    I have generate the ssh with putty and upload it to my account, but I cannot connect my droplets still.I set as the same as the guide(https://cloudsupport.digitalocean.com/s/#none|ka21N000000Cp7TQAS), but it will apea...
    Accepted Answer: Hey friend, It sounds like password login is disabled, and this droplet uses SSH keys. It also sounds like PuTTY may not be using your private key, thus resulting in a situation in which the server offers no connectio...
    1 By whulixiya DigitalOcean Cloud Firewalls VPN Ubuntu 16.04
  • Question

    How to prevent packet loss of intentionally spoofed packets?

    I have 3 nodes setup on digital ocean, one as a load balancer+reverse proxy(Server A) & the other two as my upstream servers(Servers B). I have gsm devices sending data over UDP to Server A. To preserve the devices' ...
    Accepted Answer: Hey friend, This is correct, we do drop all spoofed packets. IP spoofing has a very bad history of abuse on the internet, and we've taken a position similar to most network service providers on this issue. While your ...
    1 By kilailawrence94 Nginx DigitalOcean Cloud Firewalls Ubuntu 18.04
  • Question

    Kuberenetes Firewalling the management API

    Hi all, I'm quite familiar with DO, Kubernetes and coreos ( used to deploy ETCD clusters on DO using Ansible + API). I'm looking at using DO to host an test K8 cluster, and am looking to 'lock down' the management API...
    Accepted Answer: Hey friend, you're correct, we're providing a managed Kubernetes product (our short hand for it is DOKS 👍🏼 ) so there's no access to the management layer: https://www.digitalocean.com/docs/kubernetes/overview/ Hope th...
    1 By debesteben API Kubernetes DigitalOcean Cloud Firewalls CoreOS
  • Question

    Hey, I've used DigitalOcean with Vesta frm Last 2 Yrs, I was accessing the Vesta using 8083 from browser but frm last Night It's not working

    Distribution: UBUNTU 14.04 Control Panel: VESTACP (Apache + Ngnix) http://MYIP:8083 Not Working (Connection Refused)
    Accepted Answer: look at my questions https://www.digitalocean.com/community/questions/i-ve-installed-vestacp-this-afternoon-i-can-open-panel-on-port-8083-from-web-browser-just-fine-but-tonight-cant-open-the-panel?answer=42945 hope he...
    3 By sidjoshi2907 DigitalOcean Cloud Firewalls Ubuntu
  • Question

    Local Connections with DigitalOcean Firewall enabled

    I created a DigitalOcean Cloud Firewall for a few of my droplets, allowing access to ports 22, 80, and 443. I'm running a Docker Swarm with Traefik as a proxy, but Traefik needs to access ports other than 22, 80, and ...
    Accepted Answer: The cloud firewall should only block connections coming in on your public interface. A local firewall can be used if needed to restrict access on the local/private network.
    1 By joelbond DigitalOcean Cloud Firewalls Ubuntu 18.04
  • Question

    I've installed vestacp this afternoon I can open panel on port 8083 from web browser just fine but tonight cant open the panel

    I'm just open ticket for mailing restriction and this firewall problem, but no answer so confuse
    Accepted Answer: Sorry for the trouble. We had to restrict droplets running VestaCP due to an exploit in the wild that was being used to compromise servers and use them in DDoS attacks. A ticket should be open on your account regar...
    1 By arkadepm DigitalOcean Cloud Firewalls Ubuntu 16.04
  • Question

    How can I restrict the access to my Droplet only for a Specific Country?

    I would like to block access to my droplet from other countries. I would like to grant permission to access my drop from only a few specific countries. How to configure this? I am looking for a detailed answer as I am...
    1 By sadhin DigitalOcean Configuration Management Control Panels DigitalOcean Cloud Firewalls Firewall Security
  • Question

    Cannot connect to app externally

    I have a python app running at port 9000 and want to connect externally. So, I open port 9000 in ufw, checked wheather port app is listen and created rule at Digital Ocean firewall. I can connect to postgres at port 5...
    1 By nevessmichel Firewall DigitalOcean Cloud Firewalls Python
  • Question

    Not able to ping my public IP, but can SSH

    I have set up a droplet and firewall with specific rule. I have added the icmp rule in firewall for both inbound and outbound traffic. The outbound connections and icmp is working fine but am not able to ping my dropl...
    1 By nirmalnath Ubuntu 18.04 DigitalOcean Cloud Firewalls
  • Question

    Wordpress Blog article share on Facebook lacks image thumbnail

    I have recently transferred my blog https://founder360mag.com/ to hosting on digital ocean. When trying to share an article on Facebook, the post does not display the article's thumbnail. I tried to debug it and I got...
    1 By valfeloti DigitalOcean Cloud Firewalls WordPress
  • Question

    How can expose a kubernete service to a specific IP (not all internet)

    Hi, english is not my first language and i'm still learning, sorry for grammar and spelling mistakes. I need to a client to connect to specific service inside my kubernetes cluster. I try using a load balancer and wor...
    2 By dhvazquez Kubernetes DigitalOcean Cloud Firewalls DigitalOcean Managed Load Balancers