The sub-commands of doctl compute firewall manage DigitalOcean cloud firewalls.
Cloud firewalls allow you to restrict network access to and from a Droplet by defining which ports accept inbound or outbound connections. With these commands, you can list, create, or delete Cloud firewalls, as well as modify access rules.
Note: Cloud firewalls are not internal Droplet firewalls on Droplets, such as UFW or FirewallD.
A firewall’s inbound_rules and outbound_rules attributes contain arrays of objects as their values. These objects contain the standard attributes of their associated types, which can be found below.
Inbound access rules specify the protocol (TCP, UDP, or ICMP), ports, and sources for inbound traffic that will be allowed through the Firewall to the target Droplets. The ports attribute may contain a single port, a range of ports (e.g. 8000-9000), or all to allow traffic on all ports for the specified protocol. The sources attribute will contain an object specifying a whitelist of sources from which traffic will be accepted.
| Option | Description |
|---|---|
--help
, -h
|
Help for this command |
| Command | Description |
|---|---|
| doctl compute | Display commands that manage infrastructure |
| doctl compute firewall add-droplets | Add Droplets to a cloud firewall |
| doctl compute firewall add-rules | Add inbound or outbound rules to a cloud firewall |
| doctl compute firewall add-tags | Add tags to a cloud firewall |
| doctl compute firewall create | Create a new cloud firewall |
| doctl compute firewall delete | Permanently delete a cloud firewall |
| doctl compute firewall get | Retrieve information about a cloud firewall |
| doctl compute firewall list | List the cloud firewalls on your account |
| doctl compute firewall list-by-droplet | List firewalls by Droplet |
| doctl compute firewall remove-droplets | Remove Droplets from a cloud firewall |
| doctl compute firewall remove-rules | Remove inbound or outbound rules from a cloud firewall |
| doctl compute firewall remove-tags | Remove tags from a cloud firewall |
| doctl compute firewall update | Update a cloud firewall's configuration |
| Option | Description |
|---|---|
--access-token, -t
|
API V2 access token |
--api-url, -u
|
Override default API endpoint |
--config, -c
|
Specify a custom config file
Default:
|
--context
|
Specify a custom authentication context name |
--http-retry-max
|
Set maximum number of retries for requests that fail with a 429 or 500-level error
Default: 5
|
--http-retry-wait-max
|
Set the minimum number of seconds to wait before retrying a failed request
Default: 30
|
--http-retry-wait-min
|
Set the maximum number of seconds to wait before retrying a failed request
Default: 1
|
--interactive
|
Enable interactive behavior. Defaults to true if the terminal supports it (default false)
Default: false
|
--output, -o
|
Desired output format [text|json]
Default: text
|
--trace
|
Show a log of network activity while performing a command
Default: false
|
--verbose, -v
|
Enable verbose output
Default: false
|