DigitalOcean Cloud Firewalls are a network-based, stateful firewall service for Droplets provided at no additional cost. Cloud firewalls block all traffic that isn’t expressly permitted by a rule.
We no longer bill for outbound data transfer that we determine is dropped by a DigitalOcean firewall rule. Learn more about bandwidth billing.
You can now add Kubernetes clusters as sources or destinations in Cloud Firewall rules.
On Kubernetes 1.19 and later we now provision two fully-managed firewalls for each new Kubernetes cluster. One firewall manages the connection between worker nodes and control plane, and the other manages connections between worker nodes and the public internet.
For more information, see all Cloud Firewalls release notes.