Firewalls Limits

DigitalOcean Cloud Firewalls are a network-based, stateful firewall service for Droplets provided at no additional cost. Cloud firewalls block all traffic that isn’t expressly permitted by a rule.


  • You can have a maximum of 10 Droplets per firewall and 5 tags per firewall. If you have more than 10 Droplets that need the same firewall, tag the Droplets, then add that tag to the firewall.

  • Each firewall can have up to 50 total incoming and outgoing rules.

  • You cannot apply cloud firewalls to load balancers.

  • Firewalls affect both public and VPC network traffic. Rules specific to either must specify the public or private IP range.

  • Firewalls support only ICMP, TCP, and UDP.

  • Firewalls block traffic at the network layer before that traffic reaches your resources. Because of this, traffic logs are not available.