For AI agents: The documentation index is at https://docs.digitalocean.com/llms.txt. Markdown versions of pages use the same URL with index.html.md in place of the HTML page (for example, append index.html.md to the directory path instead of opening the HTML document).
Add or Remove Droplets from a Firewall Using the CLI
The commands to add and remove Droplets from a firewall require the Droplet’s ID. To retrieve a list of Droplets and their IDs, use the doctl compute droplet list command.
How to Add a Droplet to a Firewall Using the DigitalOcean CLI
- Install
doctl, the official DigitalOcean CLI.
- Create a personal access token and save it for use with
doctl.
- Use the token to grant
doctl access to your DigitalOcean account.
- Finally, run
doctl compute firewall add-droplets. Basic usage looks like this, but you can read the usage docs for more details:
doctl compute firewall add-droplets <firewall-id> [flags]
The following example assigns two Droplets to the cloud firewall with the ID f81d4fae-7dec-11d0-a765-00a0c91e6bf6:
doctl compute firewall add-droplets f81d4fae-7dec-11d0-a765-00a0c91e6bf6 --droplet-ids "386734086,391669331"
How to Remove a Droplet to a Firewall Using the DigitalOcean CLI
- Install
doctl, the official DigitalOcean CLI.
- Create a personal access token and save it for use with
doctl.
- Use the token to grant
doctl access to your DigitalOcean account.
- Finally, run
doctl compute firewall remove-droplets. Basic usage looks like this, but you can read the usage docs for more details:
doctl compute firewall remove-droplets <firewall-id> [flags]
The following example removes two Droplets from a cloud firewall with the ID f81d4fae-7dec-11d0-a765-00a0c91e6bf6:
doctl compute firewall remove-droplets f81d4fae-7dec-11d0-a765-00a0c91e6bf6 --droplet-ids "386734086,391669331"
Add or Remove Droplets from a Firewall Using the API
The API calls to add and remove Droplets from a firewall require the Droplet’s ID. To retrieve a list of Droplets and their IDs, use the /v2/droplets endpoint.
How to Add Droplets to a Firewall Using the DigitalOcean API
Create a personal access token and save it for use with the API.
cURL
Send a POST request to https://api.digitalocean.com/v2/firewalls/{firewall_id}/droplets.
Using cURL:
curl -X POST \
-H "Content-Type: application/json" \
-H "Authorization: Bearer $DIGITALOCEAN_TOKEN" \
-d '{"droplet_ids":[49696269]}' \
"https://api.digitalocean.com/v2/firewalls/bb4b2611-3d72-467b-8602-280330ecd65c/droplets"
Go
Using Godo, the official DigitalOcean API client for Go:
import (
"context"
"os"
"github.com/digitalocean/godo"
)
func main() {
token := os.Getenv("DIGITALOCEAN_TOKEN")
client := godo.NewFromToken(token)
ctx := context.TODO()
_, err := client.Firewalls.AddDroplets(ctx, 'bb4b2611-3d72-467b-8602-280330ecd65c', 49696269)
}
Ruby
Using DropletKit, the official DigitalOcean API client for Ruby:
require 'droplet_kit'
token = ENV['DIGITALOCEAN_TOKEN']
client = DropletKit::Client.new(access_token: token)
client.firewalls.add_droplets([49696269], id: 'bb4b2611-3d72-467b-8602-280330ecd65c')
Python
Using PyDo, the official DigitalOcean API client for Python:
import os
from pydo import Client
client = Client(token=os.environ.get("DIGITALOCEAN_TOKEN"))
req = {
"droplet_ids": [
49696269
]
}
resp = client.firewalls.assign_droplets(firewall_id="39fa4gz", body=req)
How to Remove Droplets From a Firewall Using the DigitalOcean API
Create a personal access token and save it for use with the API.
cURL
Send a DELETE request to https://api.digitalocean.com/v2/firewalls/{firewall_id}/droplets.
Using cURL:
curl -X DELETE \
-H "Content-Type: application/json" \
-H "Authorization: Bearer $DIGITALOCEAN_TOKEN" \
-d '{"droplet_ids":[49696269]}' \
"https://api.digitalocean.com/v2/firewalls/bb4b2611-3d72-467b-8602-280330ecd65c/droplets"
Go
Using Godo, the official DigitalOcean API client for Go:
import (
"context"
"os"
"github.com/digitalocean/godo"
)
func main() {
token := os.Getenv("DIGITALOCEAN_TOKEN")
client := godo.NewFromToken(token)
ctx := context.TODO()
_, err := client.Firewalls.RemoveDroplets(ctx, 'bb4b2611-3d72-467b-8602-280330ecd65c', 49696269)
}
Ruby
Using DropletKit, the official DigitalOcean API client for Ruby:
require 'droplet_kit'
token = ENV['DIGITALOCEAN_TOKEN']
client = DropletKit::Client.new(access_token: token)
client.firewalls.remove_droplets([49696269], id: 'bb4b2611-3d72-467b-8602-280330ecd65c')
Python
Using PyDo, the official DigitalOcean API client for Python:
import os
from pydo import Client
client = Client(token=os.environ.get("DIGITALOCEAN_TOKEN"))
req = {
"droplet_ids": [
49696269
]
}
resp = client.firewalls.delete_droplets(firewall_id="39fa4gz", body=req)
Add or Remove Droplets from a Firewall Using the Control Panel
You can modify the Droplets protected by a firewall in the Control Panel. Click Networking in the main menu, then click Firewalls. Click the firewall you want to modify, then click the Droplets tab.
The Droplets tab lists every Droplet protected by the firewall. Droplets added individually appear on their own row, and Droplets added with a tag are shown below the tag.
To add a Droplet or tag, click Add Droplets. In the Add Droplets window, search for a Droplet or tag, then click Add Droplets to confirm.
To remove a Droplet or tag, click the trash icon on the right of the row.
The Droplets tab shows which Droplets are protected by this firewall’s rules. To see all the rules that apply to a specific Droplet, open that Droplet’s Networking tab.