DigitalOcean Cloud Firewalls are a network-based, stateful firewall service for Droplets provided at no additional cost. Cloud firewalls block all traffic that isn't expressly permitted by a rule.
The DigitalOcean API lets you manage DigitalOcean resources programmatically using conventional HTTP requests. All the functionality available in the DigitalOcean Control Panel is also available through the API.
You can list, create, and delete firewalls as well as modify access rules by senidng requests to the API /v2/firewalls endpoint. Learn more in the cloud firewalls API documentation.
doctl is a command-line interface for the DigitalOcean API and supports many of the same actions.
Learn more in the doctl documentation on firewalls.