Give Feedback

firewall

Generated on 12 Dec 2025 from digitalocean.cloud version v1.2.1

Synopsis

Create or delete firewalls. DigitalOcean Cloud Firewalls provide the ability to restrict network access to and from a Droplet allowing you to define which ports will accept inbound or outbound connections. View the create API documentation at https://docs.digitalocean.com/reference/api/api-reference/#tag/Firewalls.

Requirements

pydo >= 0.1.3
azure-core >= 1.26.1

Parameters

Parameter	Choices / Default	Description
`client_override_options` dict		Client override options (developer use). For example, can be used to override the DigitalOcean API endpoint for an internal test suite. If provided, these options will knock out existing options.
`droplet_ids` list / elements=int		An array containing the IDs of the Droplets assigned to the firewall.
`inbound_rules` list / elements=dict		Array of inbound firewall rules.
`module_override_options` dict		Module override options (developer use). Can be used to override module options to support experimental or future options. If provided, these options will knock out existing options.
`name` str / required		A human-readable name for a firewall. The name must begin with an alphanumeric character. Subsequent characters must either be alphanumeric characters, a period (.), or a dash (-).
`outbound_rules` list / elements=dict		Array of outbound firewall rules.
`state` str	Choices: `present` (default) `absent`	State of the resource, `present` to create, `absent` to destroy.
`tags` list / elements=str		A flat array of tag names as strings to be applied to the resource. Tag names may be for either existing or new tags.
`timeout` int	Default: `300`	Polling timeout in seconds.
`token` str		DigitalOcean API token. There are several environment variables which can be used to provide this value. `DIGITALOCEAN_ACCESS_TOKEN`, `DIGITALOCEAN_TOKEN`, `DO_API_TOKEN`, `DO_API_KEY`, `DO_OAUTH_TOKEN` and `OAUTH_TOKEN`

Examples

- name: Create firewall
  digitalocean.cloud.firewall:
    token: "{{ token }}"
    state: present
    name: firewall
    inbound_rules:
      - protocol: tcp
        ports: 80
        sources:
          - load_balancer_uids:
              - "4de7ac8b-495b-4884-9a69-1050c6793cd6"
    outbound_rules:
      - protocol: tcp
        ports: 80
        destinations:
          - addresses:
              - "0.0.0.0/0"
              - "::/0"
    droplet_ids:
      - 8043964

Return Values

Key Returned Description

Key	Returned	Description
`error` dict	failure	DigitalOcean API error. Sample: `{ "Message": "Informational error message.", "Reason": "Unauthorized", "Status Code": 401 }`
`firewall` dict	always	Firewall information. Sample: { "firewall": { "created_at": "2017-05-23T21:24:00Z", "droplet_ids": [ 8043964 ], "id": "bb4b2611-3d72-467b-8602-280330ecd65c", "inbound_rules": [ { "ports": "80", "protocol": "tcp", "sources": { "load_balancer_uids": [ "4de7ac8b-495b-4884-9a69-1050c6793cd6" ] } }, { "ports": "22", "protocol": "tcp", "sources": { "addresses": [ "18.0.0.0/8" ], "tags": [ "gateway" ] } } ], "name": "firewall", "outbound_rules": [ { "destinations": { "addresses": [ "0.0.0.0/0", "::/0" ] }, "ports": "80", "protocol": "tcp" } ], "pending_changes": [ { "droplet_id": 8043964, "removing": false, "status": "waiting" } ], "status": "waiting", "tags": [] } }
`msg` str	always	Droplet result information. Sample: `[ "Created firewall test-firewall (e23647ff-4b57-4da0-8f31-72616d932c0d)", "Deleted firewall test-firewall (e23647ff-4b57-4da0-8f31-72616d932c0d)", "Firewall test-firewall would be created", "Firewall test-firewall (e23647ff-4b57-4da0-8f31-72616d932c0d) exists", "Firewall test-firewall does not exist", "Firewall test-firewall (e23647ff-4b57-4da0-8f31-72616d932c0d) would be deleted" ]`

error
dict

failure

DigitalOcean API error.
Sample:

{
  "Message": "Informational error message.",
  "Reason": "Unauthorized",
  "Status Code": 401
}

firewall
dict

always

Firewall information.
Sample:

{
  "firewall": {
    "created_at": "2017-05-23T21:24:00Z",
    "droplet_ids": [
      8043964
    ],
    "id": "bb4b2611-3d72-467b-8602-280330ecd65c",
    "inbound_rules": [
      {
        "ports": "80",
        "protocol": "tcp",
        "sources": {
          "load_balancer_uids": [
            "4de7ac8b-495b-4884-9a69-1050c6793cd6"
          ]
        }
      },
      {
        "ports": "22",
        "protocol": "tcp",
        "sources": {
          "addresses": [
            "18.0.0.0/8"
          ],
          "tags": [
            "gateway"
          ]
        }
      }
    ],
    "name": "firewall",
    "outbound_rules": [
      {
        "destinations": {
          "addresses": [
            "0.0.0.0/0",
            "::/0"
          ]
        },
        "ports": "80",
        "protocol": "tcp"
      }
    ],
    "pending_changes": [
      {
        "droplet_id": 8043964,
        "removing": false,
        "status": "waiting"
      }
    ],
    "status": "waiting",
    "tags": []
  }
}

msg
str