DigitalOcean

Question

Digital Ocean Load Balancer Firewall How to Apply

I want to make my DO Loadbalancer can only be accessible via https://www.cloudflare.com/ips/ and my internal droplet backend, how can do that? Please assist me, sensei!

Submit an answer


This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Bobby Iliev
Site Moderator
Site Moderator badge
October 26, 2023
Accepted Answer

Hi there,

Currently, you can only add firewall rules to a load balancer using the CLI or API.

To add or remove firewall rules from an existing load balancer using the CLI, use the --allow-list and --deny-list flags with the update command to define a list of IP addresses and CIDRs that the load balancer will accept or block incoming connections from.

To add or remove firewall rules via the command-line, follow these steps:

  1. Install doctl, the DigitalOcean command-line tool.

  2. Create a personal access token, and save it for use with doctl.

  3. Use the token to grant doctl access to your DigitalOcean account.

    doctl auth init

    Copy

  4. Finally, add or remove firewall rules with doctl compute load-balancer update. The basic usage looks like this, but you’ll want to read the usage docs for more details:

    doctl compute load-balancer update <id> [flags]

You can find the full documentation here:

https://docs.digitalocean.com/products/networking/load-balancers/how-to/manage/#add-or-remove-firewall-rules-from-a-load-balancer

Hope that this helps!

Best,

Bobby

GProxyNovember 30, 2023

Hi,

Is there a quick way to deny all IP traffic rather than list all the IPs in --deny-list? I don’t have a list of all possible IP address in the world, I just want to deny everything and whitelist a few address that I need. How can the be accomplished via the CLI?

Thank you -

Try DigitalOcean for free

Click below to sign up and get $200 of credit to try our products over 60 days!

Sign up

Become a contributor for community

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Sign Up

DigitalOcean Documentation

Full documentation for every DigitalOcean product.

Learn more

Resources for startups and SMBs

The Wave has everything you need to know about building a business, from raising funding to marketing your product.

Learn more

Get our newsletter

Stay up to date by signing up for DigitalOcean’s Infrastructure as a Newsletter.

New accounts only. By submitting your email you agree to our Privacy Policy

The developer cloud

Scale up as you grow — whether you're running one virtual machine or ten thousand.

Get started for free

Sign up and get $200 in credit for your first 60 days with DigitalOcean.*

*This promotional offer applies to new accounts only.

© 2024 DigitalOcean, LLC.Sitemap.