Add or Remove Droplets from a Firewall Using the CLI
The commands to add and remove Droplets from a firewall require the Droplet’s ID. To retrieve a list of Droplets and their IDs, use the doctl compute droplet list
command.
How to Add a Droplet to a Firewall Using the DigitalOcean CLI
- Install
doctl
, the official DigitalOcean CLI.
- Create a personal access token and save it for use with
doctl
.
- Use the token to grant
doctl
access to your DigitalOcean account.
- Finally, run
doctl compute firewall add-droplets
. Basic usage looks like this, but you can read the usage docs for more details:
doctl compute firewall add-droplets <firewall-id> [flags]
The following example assigns two Droplets to the cloud firewall with the ID f81d4fae-7dec-11d0-a765-00a0c91e6bf6
:
doctl compute firewall add-droplets f81d4fae-7dec-11d0-a765-00a0c91e6bf6 --droplet-ids "386734086,391669331"
How to Remove a Droplet to a Firewall Using the DigitalOcean CLI
- Install
doctl
, the official DigitalOcean CLI.
- Create a personal access token and save it for use with
doctl
.
- Use the token to grant
doctl
access to your DigitalOcean account.
- Finally, run
doctl compute firewall remove-droplets
. Basic usage looks like this, but you can read the usage docs for more details:
doctl compute firewall remove-droplets <firewall-id> [flags]
The following example removes two Droplets from a cloud firewall with the ID f81d4fae-7dec-11d0-a765-00a0c91e6bf6
:
doctl compute firewall remove-droplets f81d4fae-7dec-11d0-a765-00a0c91e6bf6 --droplet-ids "386734086,391669331"
Add or Remove Droplets from a Firewall Using the API
The API calls to add and remove Droplets from a firewall require the Droplet’s ID. To retrieve a list of Droplets and their IDs, use the /v2/droplets
endpoint.
How to Add Droplets to a Firewall Using the DigitalOcean API
- Create a personal access token and save it for use with the API.
- Send a POST request to
https://api.digitalocean.com/v2/firewalls/{firewall_id}/droplets
.
cURL
Using cURL:
curl -X POST \
-H "Content-Type: application/json" \
-H "Authorization: Bearer $DIGITALOCEAN_TOKEN" \
-d '{"droplet_ids":[49696269]}' \
"https://api.digitalocean.com/v2/firewalls/bb4b2611-3d72-467b-8602-280330ecd65c/droplets"
Go
Using Godo, the official DigitalOcean API client for Go:
import (
"context"
"os"
"github.com/digitalocean/godo"
)
func main() {
token := os.Getenv("DIGITALOCEAN_TOKEN")
client := godo.NewFromToken(token)
ctx := context.TODO()
_, err := client.Firewalls.AddDroplets(ctx, 'bb4b2611-3d72-467b-8602-280330ecd65c', 49696269)
}
Ruby
Using DropletKit, the official DigitalOcean API client for Ruby:
require 'droplet_kit'
token = ENV['DIGITALOCEAN_TOKEN']
client = DropletKit::Client.new(access_token: token)
client.firewalls.add_droplets([49696269], id: 'bb4b2611-3d72-467b-8602-280330ecd65c')
Python
Using PyDo, the official DigitalOcean API client for Python:
import os
from pydo import Client
client = Client(token=os.environ.get("DIGITALOCEAN_TOKEN"))
req = {
"droplet_ids": [
49696269
]
}
resp = client.firewalls.assign_droplets(firewall_id="39fa4gz", body=req)
How to Remove Droplets From a Firewall Using the DigitalOcean API
- Create a personal access token and save it for use with the API.
- Send a DELETE request to
https://api.digitalocean.com/v2/firewalls/{firewall_id}/droplets
.
cURL
Using cURL:
curl -X DELETE \
-H "Content-Type: application/json" \
-H "Authorization: Bearer $DIGITALOCEAN_TOKEN" \
-d '{"droplet_ids":[49696269]}' \
"https://api.digitalocean.com/v2/firewalls/bb4b2611-3d72-467b-8602-280330ecd65c/droplets"
Go
Using Godo, the official DigitalOcean API client for Go:
import (
"context"
"os"
"github.com/digitalocean/godo"
)
func main() {
token := os.Getenv("DIGITALOCEAN_TOKEN")
client := godo.NewFromToken(token)
ctx := context.TODO()
_, err := client.Firewalls.RemoveDroplets(ctx, 'bb4b2611-3d72-467b-8602-280330ecd65c', 49696269)
}
Ruby
Using DropletKit, the official DigitalOcean API client for Ruby:
require 'droplet_kit'
token = ENV['DIGITALOCEAN_TOKEN']
client = DropletKit::Client.new(access_token: token)
client.firewalls.remove_droplets([49696269], id: 'bb4b2611-3d72-467b-8602-280330ecd65c')
Python
Using PyDo, the official DigitalOcean API client for Python:
import os
from pydo import Client
client = Client(token=os.environ.get("DIGITALOCEAN_TOKEN"))
req = {
"droplet_ids": [
49696269
]
}
resp = client.firewalls.delete_droplets(firewall_id="39fa4gz", body=req)
Add or Remove Droplets from a Firewall Using the Control Panel
You can modify the Droplets protected by a firewall in the control panel by choosing Networking from the top menu, then Firewalls. Select the firewall you want to check or modify, then navigate to its Droplets tab.
A firewall’s Droplets tab lists all of all the Droplets protected by the firewall. Droplets added individually are shown on their own line, and Droplets added with a tag are shown below the tag.
To add another Droplet or tag to the firewall, use the Add Droplets button.
To remove a Droplet or tag from a firewall, use its More menu and select Remove.
From the firewall’s Droplets panel, you can see which Droplets are affected by that firewall’s rules. To see all the rules affecting a specific Droplet, you need to view the individual Droplet’s networking page.