doctl compute firewall

The sub-commands of doctl compute firewall manage DigitalOcean cloud firewalls.

Cloud firewalls allow you to restrict network access to and from a Droplet by defining which ports accept inbound or outbound connections. With these commands, you can list, create, or delete Cloud firewalls, as well as modify access rules.

Note: Cloud firewalls are distinct from firewalls that run inside a Droplet, such as UFW or FirewallD.

A firewall’s inbound_rules and outbound_rules attributes contain arrays of objects as their values. These objects contain the standard attributes of their associated types, which can be found below.

Inbound access rules specify the protocol (TCP, UDP, or ICMP), ports, and sources for inbound traffic that will be allowed through the Firewall to the target Droplets. The ports attribute may contain a single port, a range of ports (e.g. 8000-9000), or all to allow traffic on all ports for the specified protocol. The sources attribute will contain an object specifying a whitelist of sources from which traffic will be accepted.
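An added example (not part of the doctl documentation): a small Python audit of inbound rules in the shape described above, which parses the ports attribute (single port, range, or all) and flags TCP rules whose sources accept any address on administrative or database ports. The JSON is constructed sample data; the `name` key, the `addresses` key inside `sources`, the treatment of `0` as a synonym for `all`, and the list of sensitive ports are assumptions of this example.

```python
import json

WORLD = {"0.0.0.0/0", "::/0"}   # "any address" in IPv4 and IPv6 CIDR form
SENSITIVE = {22: "SSH", 3306: "MySQL", 3389: "RDP", 5432: "PostgreSQL"}  # assumed list

def port_span(ports):
    """Turn the ports attribute into an inclusive (low, high) pair."""
    ports = (ports or "all").strip().lower()   # a missing value is treated as "all"
    if ports in ("all", "0"):                  # "0" as a synonym is an assumption
        return 1, 65535
    low, _, high = ports.partition("-")
    return int(low), int(high or low)

def audit(firewalls):
    """Return (firewall, protocol, ports, services) for world-open sensitive TCP ports."""
    findings = []
    for fw in firewalls:
        for rule in fw.get("inbound_rules") or []:
            addresses = (rule.get("sources") or {}).get("addresses") or []
            if not WORLD.intersection(addresses):
                continue                       # source list is restricted
            proto = (rule.get("protocol") or "").lower()
            if proto != "tcp":
                continue                       # the sensitive services listed are TCP
            low, high = port_span(rule.get("ports"))
            hit = [name for port, name in sorted(SENSITIVE.items()) if low <= port <= high]
            if hit:
                findings.append((fw.get("name"), proto, rule.get("ports"), hit))
    return findings

# Constructed sample data, not output captured from a real account.
SAMPLE = json.loads("""
[{"name": "web", "inbound_rules": [
   {"protocol": "tcp", "ports": "443", "sources": {"addresses": ["0.0.0.0/0", "::/0"]}},
   {"protocol": "tcp", "ports": "22", "sources": {"addresses": ["203.0.113.0/24"]}}]},
 {"name": "legacy", "inbound_rules": [
   {"protocol": "tcp", "ports": "8000-9000", "sources": {"addresses": ["0.0.0.0/0"]}},
   {"protocol": "tcp", "ports": "all", "sources": {"addresses": ["0.0.0.0/0"]}},
   {"protocol": "icmp", "sources": {"addresses": ["0.0.0.0/0"]}},
   {"protocol": "tcp", "ports": "3000-4000", "sources": {"addresses": ["::/0"]}}]}]
""")

if __name__ == "__main__":
    for name, proto, ports, hit in audit(SAMPLE):
        print(f"{name}: {proto}/{ports} open to any address, exposes {', '.join(hit)}")
```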


Option        Description
--help, -h    Help for this command

Command                                  Description
doctl compute                            Display commands that manage infrastructure
doctl compute firewall add-droplets      Add Droplets to a cloud firewall
doctl compute firewall add-rules         Add inbound or outbound rules to a cloud firewall
doctl compute firewall add-tags          Add tags to a cloud firewall
doctl compute firewall create            Create a new cloud firewall
doctl compute firewall delete            Permanently delete a cloud firewall
doctl compute firewall get               Retrieve information about a cloud firewall
doctl compute firewall list              List the cloud firewalls on your account
doctl compute firewall list-by-droplet   List firewalls by Droplet
doctl compute firewall remove-droplets   Remove Droplets from a cloud firewall
doctl compute firewall remove-rules      Remove inbound or outbound rules from a cloud firewall
doctl compute firewall remove-tags       Remove tags from a cloud firewall
doctl compute firewall update            Update a cloud firewall's configuration

Global Flags

Option Description
--access-token, -t API V2 access token
--api-url, -u Override default API endpoint
--config, -c Specify a custom config file
  • macOS: ${HOME}/Library/Application Support/doctl/config.yaml
  • Linux: ${XDG_CONFIG_HOME}/doctl/config.yaml
  • Windows: %APPDATA%\doctl\config.yaml
--context Specify a custom authentication context name
--http-retry-max Set maximum number of retries for requests that fail with a 429 or 500-level error
  Default: 5
--http-retry-wait-max Set the minimum number of seconds to wait before retrying a failed request
  Default: 30
--http-retry-wait-min Set the maximum number of seconds to wait before retrying a failed request
  Default: 1
--interactive Enable interactive behavior. Defaults to true if the terminal supports it (default false)
  Default: false
--output, -o Desired output format [text|json]
  Default: text
--trace Show a log of network activity while performing a command
  Default: false
--verbose, -v Enable verbose output
  Default: false
