How can I whitelist the DigitalOcean Metrics agent with my firewall?

Firewalls place a barrier between your servers and other machines on the network to protect them from external attacks, but they can also prevent the DigitalOcean Metrics Agent from working on your Droplet. This includes DigitalOcean’s Cloud Firewall service and locally installed firewalls protecting your Droplet. Whatever firewall you use, you’ll want to allow (whitelist) the metrics agent to access the DigitalOcean monitoring service, otherwise the Droplet’s metrics data can’t be reported to the monitoring service.

Configure DigitalOcean Cloud Firewall

If you are using DigitalOcean’s Cloud Firewall, you need to create firewall rules that allow all outgoing IPv4 and IPv6 HTTP/HTTPS traffic through ports 80 and 443.

Configure Locally Installed Firewall

The DigitalOcean Metrics Agent connects to DigitalOcean using ports 80 and 443 on your Droplet. To allow the metrics agent to connect through the firewall, you need to create rules in your firewall software that allow all outgoing IPv4 and IPv6 HTTP/HTTPS traffic through ports 80 and 443.

You can create these rules using UFW for Ubuntu and Debian systems, or Firewalld for Centos and Fedora systems. These services interface with iptables, the Linux kernal firewall program native to most Linux operating systems. You can also configure these firewall rules in iptables directly, although we recommend using UFW or FirewallD because they are easier to use.