How to Configure Firewall Rules

Inbound firewall rules define what kind of traffic will be allowed to which ports from which sources. If no inbound rules are configured, no incoming traffic is permitted.

Outbound firewall rules define what kind of traffic will be allowed to leave the server on which ports and can be restricted to specific destinations. If no outbound rules are configured, no outbound traffic is permitted.

To manage existing Firewalls, navigate from Networking to Firewalls and click the Firewall’s name. You’ll arrive on its Rules tab. From here, you can add new rules and modify or delete existing rules.

When more than one Firewall is applied to a Droplet, the rules are additive: traffic permitted by any one of the Firewalls is allowed, and it cannot be restricted again by rules in another.

Create New Rules

You can create new inbound or outbound rules by opening the New rule select list under Inbound Rules or Outbound Rules, respectively.


You can use a preset protocol or create a custom rule.

From Presets

There are several common protocols available which will fill the Protocol and Port Range fields automatically. For example, selecting HTTP will auto-fill the Protocol with TCP and the Port Range with HTTP’s default of port 80.

The Type dropdown list has the following options: SSH, HTTP, HTTPS, MySQL, DNS TCP, DNS UDP, All TCP, All UDP, ICMP, Custom.

If one of these services is listening on a non-standard port, you can configure it by creating a custom rule.

Custom Rules

To add a custom rule, choose Custom, which allows you to define the protocol, port range, and source or destination.


  • Protocol. You can choose either TCP or UDP. Because ICMP has no port abstraction, to allow ICMP traffic, you select it directly from the New rule dropdown.

  • Port Range. For the TCP and UDP protocols, you can specify:

    • A single port.
    • A range of ports by entering the starting and ending ports separated by a dash - with no spaces, e.g. 3000-4000. To open multiple non-sequential ports, create a separate rule for each.
    • All ports by leaving the field blank.
  • Sources for inbound rules, which lets you restrict the source of incoming connections.

    Destinations for outbound rules, which lets you restrict the destination of outgoing connections.

    You can limit the sources/destinations to:

Edit or Delete Rules

To edit or delete a rule, open the rule’s More menu and choose Edit Rule or Delete Rule, respectively.
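
The rule semantics described on this page (nothing permitted without a rule, the Port Range field format, and additive evaluation across Firewalls) can be modeled in a few lines to audit a planned rule set before applying it. This is an added example, not DigitalOcean code; the rule dictionaries, the function names, the 1-65535 port bounds and the use of CIDR strings as sources are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

def parse_port_range(field):
    """Port Range field: blank = all ports, "N" = one port, "A-B" = range (no spaces)."""
    if field == "":
        return (1, 65535)
    lo, dash, hi = field.partition("-")
    if not dash:
        hi = lo
    if not (lo.isdigit() and hi.isdigit()):
        # Rejects "3000 - 4000" and "80,443": non-sequential ports need separate rules.
        raise ValueError(f"invalid port range: {field!r}")
    lo, hi = int(lo), int(hi)
    if not 1 <= lo <= hi <= 65535:
        raise ValueError(f"invalid port range: {field!r}")
    return (lo, hi)

def rule_allows(rule, protocol, port, source_ip):
    """True if this single inbound rule matches the connection."""
    if rule["protocol"] != protocol:
        return False
    if protocol != "icmp":  # ICMP has no ports, so only TCP/UDP rules check them
        lo, hi = parse_port_range(rule["ports"])
        if not lo <= port <= hi:
            return False
    return any(ip_address(source_ip) in ip_network(cidr) for cidr in rule["sources"])

def inbound_allowed(firewalls, protocol, port, source_ip):
    """Additive evaluation: one matching rule in any Firewall permits the traffic.
    With no rules at all, any() is False, so nothing is permitted."""
    return any(rule_allows(r, protocol, port, source_ip)
               for fw in firewalls for r in fw)

# Constructed sample data: documentation address ranges, hypothetical Firewalls.
ADMIN_SSH = [{"protocol": "tcp", "ports": "22", "sources": ["203.0.113.0/24"]}]
APP_PORTS = [{"protocol": "tcp", "ports": "3000-4000", "sources": ["0.0.0.0/0"]},
             {"protocol": "tcp", "ports": "22", "sources": ["0.0.0.0/0"]}]

if __name__ == "__main__":
    outsider = "198.51.100.7"
    # SSH is limited to the admin network while only ADMIN_SSH is applied...
    print(inbound_allowed([ADMIN_SSH], "tcp", 22, outsider))
    # ...but applying APP_PORTS as well opens SSH to every source.
    print(inbound_allowed([ADMIN_SSH, APP_PORTS], "tcp", 22, outsider))
```

Running the check over the union of every Firewall applied to a Droplet shows where a broad rule in one Firewall cancels a narrow source restriction in another.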