Firewall Overview

Plans and Pricing

DigitalOcean Cloud Firewalls are available at no additional cost.

Regional Availability

Firewalls are available in every region. A Firewall’s rules can include servers from any combination of regions.


While you can apply Firewall rules to individual Droplets, a more powerful option is to use tags. Tags are custom labels that you can apply to Droplets. By using a tag for your Firewall, you automatically include any Droplets with that tag in your Firewall configuration.


  • You can have a maximum of 10 Droplets per Firewall and 5 Tags per Firewall. If you have more than 10 Droplets which need the same firewall, tag the Droplets with the same tag, then add that tag to the firewall.

  • Each Firewall can have up to 50 total incoming and outgoing rules.

  • The Cloud Firewall affects both public and private network traffic, meaning rules specific to either will need to specify the public or private IP range.

  • The Cloud Firewall supports ICMP, TCP, and UDP protocols only.

  • Cloud Firewalls block traffic at the network layer before that traffic reaches your resources. Because of this, traffic logs are not available.