DigitalOcean Cloud Firewalls are a network-based, stateful firewall service for Droplets provided at no additional cost. Cloud firewalls block all traffic that isn’t expressly permitted by a rule.
You can have a maximum of 10 Droplets per firewall and 5 tags per firewall. If you have more than 10 Droplets that need the same firewall, tag the Droplets, then add that tag to the firewall.
Each firewall can have up to 50 total incoming and outgoing rules.
You cannot apply cloud firewalls to load balancers.
Firewalls affect both public and VPC network traffic. Rules specific to either must specify the public or private IP range.
Firewalls support only ICMP, TCP, and UDP.
Firewalls block traffic at the network layer before that traffic reaches your resources. Because of this, traffic logs are not available.