diff --git a/cmd/provider/do_template.go b/cmd/provider/do_template.go
index 9c04495f..df9f8c04 100644
--- a/cmd/provider/do_template.go
+++ b/cmd/provider/do_template.go
@@ -133,6 +133,36 @@ resource "digitalocean_droplet" "darknode" {
   }
 }
 
+resource "digitalocean_firewall" "darknode" {
+  name       = "{{.Name}}-firewall"
+
+  droplet_ids = [digitalocean_droplet.darknode.id]
+
+  inbound_rule {
+    protocol         = "tcp"
+    port_range       = "22"
+    source_addresses = ["0.0.0.0/0", "::/0"]
+  }
+
+  inbound_rule {
+    protocol         = "tcp"
+    port_range       = "18514-18515"
+    source_addresses = ["0.0.0.0/0", "::/0"]
+  }
+
+  outbound_rule {
+    protocol              = "tcp"
+    port_range            = "1-65535"
+    destination_addresses = ["0.0.0.0/0", "::/0"]
+  }
+
+  outbound_rule {
+    protocol              = "udp"
+    port_range            = "1-65535"
+    destination_addresses = ["0.0.0.0/0", "::/0"]
+  }
+}
+
 output "provider" {
   value = "do"
 }