How can I allowlist the DigitalOcean metrics agent with my firewall?

Validated on 26 Mar 2026 • Last edited on 10 Apr 2026

The DigitalOcean metrics agent uses outbound HTTP and HTTPS on ports 80 and 443 to report metrics from your Droplet.

If you use a DigitalOcean Cloud Firewall, add outbound IPv4 and IPv6 rules that allow traffic on ports 80 and 443.

If the metrics agent cannot connect to DigitalOcean Monitoring, check your firewall rules. If you run a firewall on the Droplet, make sure it allows outbound IPv4 and IPv6 traffic on ports 80 and 443.

Check the current UFW policy:

```bash
sudo ufw status verbose
```

Check the default policy in the output. For example, `Default: deny (incoming), allow (outgoing)` means UFW allows outbound traffic, which is usually enough for the metrics agent. Outbound deny or reject rules on ports `80` or `443` can block the agent from reporting data.

If needed, allow outbound HTTP and HTTPS traffic:

```bash
sudo ufw allow out 80/tcp
sudo ufw allow out 443/tcp
sudo ufw reload
```

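
An added example (not DigitalOcean's code): a shell function that reads `ufw status verbose` output and reports, per address family, whether outbound TCP on a port is allowed, using the default outgoing policy and the first matching simple `OUT` rule. The function name and the sample status text are constructed for illustration; port ranges, comma lists, application profiles and destination-specific rules are not evaluated.

```bash
#!/usr/bin/env bash
# Added example: classify outbound TCP access for one port from the text
# printed by `ufw status verbose`.
# On a Droplet: sudo ufw status verbose | ufw_outbound_verdict 443 v4

ufw_outbound_verdict() {  # args: PORT FAMILY(v4|v6); status text on stdin
  awk -v port="$1" -v fam="$2" '
    /^Status: inactive/ { inactive = 1 }
    # "Default: deny (incoming), allow (outgoing), ..." -> policy = "allow"
    /^Default:/ && match($0, /[a-z]+ \(outgoing\)/) {
      policy = substr($0, RSTART, RLENGTH); sub(/ .*/, "", policy)
    }
    # UFW applies the first matching rule, so stop at the first hit.
    / (ALLOW|DENY|REJECT) OUT / && verdict == "" {
      if ((($0 ~ /\(v6\)/) ? "v6" : "v4") != fam) next
      split($1, to, "/")                            # "443/tcp" -> 443, tcp
      if (to[2] != "" && to[2] != "tcp") next       # udp-only rule
      if (to[1] != port && $1 != "Anywhere") next   # different port
      for (i = 2; i < NF; i++) if ($(i + 1) == "OUT") action = $i
      verdict = (action == "ALLOW") ? "allowed" : "blocked"
    }
    END {
      if (inactive) print "inactive"                # UFW is not filtering
      else if (verdict != "") print verdict
      else if (policy == "allow") print "allowed"   # fall back to default
      else if (policy != "") print "blocked"
      else print "unknown"
    }'
}

# Constructed sample output (default-deny egress, only 443/tcp opened).
SAMPLE_STATUS='Status: active
Logging: on (low)
Default: deny (incoming), deny (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW OUT   Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)
443/tcp (v6)               ALLOW OUT   Anywhere (v6)'

for port in 80 443; do for fam in v4 v6; do
  printf '%s/tcp %s: %s\n' "$port" "$fam" \
    "$(printf '%s\n' "$SAMPLE_STATUS" | ufw_outbound_verdict "$port" "$fam")"
done; done
```

On the sample, port 443 is reported as allowed and port 80 as blocked for both address families, so a host hardened this way still needs the port 80 rule for the agent.
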
List the current IPv4 output rules:

```bash
sudo iptables -L OUTPUT -n -v
```

List the current IPv6 output rules:

```bash
sudo ip6tables -L OUTPUT -n -v
```

Check whether the firewall allows outbound traffic on ports `80` and `443`. If needed, add rules to allow outbound HTTP and HTTPS traffic:

```bash
sudo iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT
sudo ip6tables -A OUTPUT -p tcp --dport 80 -j ACCEPT
sudo ip6tables -A OUTPUT -p tcp --dport 443 -j ACCEPT
```

Save the rules using your distribution's persistent firewall rule method.

Check the active firewall configuration:

```bash
sudo firewall-cmd --list-all
sudo firewall-cmd --list-all --zone=public
```

Make sure the active configuration allows outbound traffic on ports `80` and `443`. If needed, allow HTTP and HTTPS services in the active zone:

```bash
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload
```

For general firewall setup guidance, see the following community tutorials:

How do I disable process name collection in my metrics agent?

Disable process name collection in the metrics agent by updating the service configuration on your Droplet.

Why are my alerts not working on my Droplets?

Install the DigitalOcean metrics agent on each Droplet to enable Monitoring alerts.

My firewalls are not working correctly

Use this guide to gather information about your firewalls and diagnose problems.
