Firewalls Limits

DigitalOcean Cloud Firewalls are a network-based, stateful firewall service for Droplets provided at no additional cost. Cloud firewalls block all traffic that isn’t expressly permitted by a rule.

  • You can have a maximum of 10 Droplets per firewall and 5 tags per firewall. If you have more than 10 Droplets that need the same firewall, tag the Droplets, then add that tag to the firewall.

  • Each firewall can have up to 50 total incoming and outgoing rules.

  • You cannot apply cloud firewalls to load balancers.

  • Firewalls affect both public and VPC network traffic. Rules specific to either must specify the public or private IP range.

  • Firewalls only support ICMP, TCP, and UDP.

  • Firewalls block traffic at the network layer before that traffic reaches your resources. Because of this, traffic logs are not available.

  • Adding new rules to a firewall will not terminate existing connections.

  • Firewall rules are limited to 1000 entries in the Sources or Destinations field. To filter more than 1000 IPs, use tags or network ranges instead of listing individual IPs. More information is available in How to Configure Firewall Rules.