DigitalOcean Cloud Firewalls are available at no additional cost.
Firewalls are available in every region. A Firewall’s rules can include servers from any combination of regions.
While you can apply Firewall rules to individual Droplets, a more powerful option is to use tags. Tags are custom labels that you can apply to Droplets. By using a tag for your Firewall, you automatically include any Droplets with that tag in your Firewall configuration.
You can have a maximum of 10 Droplets per Firewall and 5 Tags per Firewall. If you have more than 10 Droplets which need the same firewall, tag the Droplets with the same tag, then add that tag to the firewall.
Each Firewall can have up to 50 total incoming and outgoing rules.
The Cloud Firewall affects both public and private network traffic, meaning rules specific to either will need to specify the public or private IP range.
The Cloud Firewall supports ICMP, TCP, and UDP protocols only.
Cloud Firewalls block traffic at the network layer before that traffic reaches your resources. Because of this, traffic logs are not available.