How can I allowlist the DigitalOcean metrics agent with my firewall?

Validated on 4 Oct 2022 • Last edited on 29 Mar 2024

Firewalls place a barrier between your servers and other machines on the network to protect them from external attacks, but they can also prevent the DigitalOcean Metrics Agent from working on your Droplet. This includes DigitalOcean’s Cloud Firewall service and locally installed firewalls protecting your Droplet. Whatever firewall you use, you need to allowlist the metrics agent to access the DigitalOcean monitoring service. Otherwise, the Droplet’s metrics data can’t be reported to the monitoring service.

Configure DigitalOcean Cloud Firewall

If you are using DigitalOcean’s Cloud Firewall, you need to create firewall rules that allow all outgoing IPv4 and IPv6 HTTP/HTTPS traffic through ports 80 and 443.

Configure Locally Installed Firewall

The DigitalOcean Metrics Agent connects to DigitalOcean using ports 80 and 443 on your Droplet. To allow the metrics agent to connect through the firewall, you need to create rules in your firewall software that allow all outgoing IPv4 and IPv6 HTTP/HTTPS traffic through ports 80 and 443.

You can create these rules using UFW for Ubuntu and Debian systems, or Firewalld for CentOS and Fedora systems. These services interface with iptables, the Linux kernel firewall program native to most Linux operating systems. You can also configure these firewall rules in iptables directly, although we recommend using UFW or FirewallD because they are easier to use.

Use this guide to gather information about your firewalls and diagnose problems.
Addresses assigned to a Droplet remain static for the life of the Droplet.
Diagnose and troubleshoot firewall issues that could be causing network connectivity issues.
Control Panel Blog Pricing Careers Terms Privacy Status API Docs Tutorials Support