Networking
Firewalls List
https://api.linode.com/v4/networking/firewalls
Returns a paginated list of accessible Firewalls.
Query Parameters
The page of a collection to return.
The number of items to return per page.
Request Samples
- Shell
- CLI
curl -H "Authorization: Bearer $TOKEN" \
https://api.linode.com/v4/networking/firewalls
Response Samples
- 200
- default
{
"data": [
{
"id": "",
"created": "2018-01-01T00:01:01",
"status": "enabled",
"label": "firewall123",
"updated": "2018-01-02T00:01:01",
"tags": [
"example tag",
"another example"
],
"rules": {
"inbound": "",
"outbound": "",
"inbound_policy": "DROP",
"outbound_policy": "DROP"
}
}
],
"page": 1,
"pages": 1,
"results": 1
}
Responses
200: Returns an array of Firewalls.
The Firewall's unique ID.
When this Firewall was created.
The status of this Firewall.
- When a Firewall is first created its status is
enabled
. - Use the Update Firewall endpoint to set a Firewall's status to
enabled
ordisabled
. - Use the Delete Firewall endpoint to delete a Firewall.
The Firewall's label, for display purposes only.
Firewall labels have the following constraints:
- Must begin and end with an alphanumeric character.
- May only consist of alphanumeric characters, dashes (
-
), underscores (_
) or periods (.
). - Cannot have two dashes (
--
), underscores (__
) or periods (..
) in a row. - Must be between 3 and 32 characters.
- Must be unique.
When this Firewall was last updated.
An array of tags applied to this object. Tags are for organizational purposes only.
The inbound and outbound access rules to apply to the Firewall.
A Firewall may have up to 25 rules across its inbound and outbound rulesets.
Multiple rules are applied in order. If two rules conflict, the first rule takes precedence. For example, if the first rule accepts inbound traffic from an address, and the second rule drops inbound traffic the same address, the first rule applies and inbound traffic from that address is accepted.
The inbound rules for the firewall, as a JSON array.
The outbound rules for the firewall, as a JSON array.
The default behavior for inbound traffic. This setting can be overridden by updating the inbound.action
property of the Firewall Rule.
The default behavior for outbound traffic. This setting can be overridden by updating the outbound.action
property of the Firewall Rule.
The current page.
The total number of pages.
The total number of results.
default: Error
What happened to cause this error. In most cases, this can be fixed immediately by changing the data you sent in the request, but in some cases you will be instructed to open a Support Ticket or perform some other action before you can complete the request successfully.
The field in the request that caused this error. This may be a path, separated by periods in the case of nested fields. In some cases this may come back as "null" if the error is not specific to any single element of the request.
Firewall Create
https://api.linode.com/v4/networking/firewalls
Creates a Firewall to filter network traffic.
Use the
rules
property to create inbound and outbound access rules.Use the
devices
property to assign the Firewall to a service and apply its Rules to the device. Requiresread_write
User's Grants to the device. Currently, Firewalls can only be assigned to Linode instances.A Firewall can be assigned to multiple Linode instances at a time.
A Linode instance can have one active, assigned Firewall at a time. Additional disabled Firewalls can be assigned to a service, but they cannot be enabled if another active Firewall is already assigned to the same service.
A
firewall_create
Event is generated when this endpoint returns successfully.
Request Body Schema
Devices to create for this Firewall. When a Device is created, the Firewall is assigned to its associated service. Currently, Devices can only be created for Linode instances.
An array of Linode IDs. A Firewall Device is created for each ID.
The Firewall's label, for display purposes only.
Firewall labels have the following constraints:
- Must begin and end with an alphanumeric character.
- May only consist of alphanumeric characters, dashes (
-
), underscores (_
) or periods (.
). - Cannot have two dashes (
--
), underscores (__
) or periods (..
) in a row. - Must be between 3 and 32 characters.
- Must be unique.
The inbound and outbound access rules to apply to the Firewall.
A Firewall may have up to 25 rules across its inbound and outbound rulesets.
Multiple rules are applied in order. If two rules conflict, the first rule takes precedence. For example, if the first rule accepts inbound traffic from an address, and the second rule drops inbound traffic the same address, the first rule applies and inbound traffic from that address is accepted.
The inbound rules for the firewall, as a JSON array.
The outbound rules for the firewall, as a JSON array.
The default behavior for inbound traffic. This setting can be overridden by updating the inbound.action
property of the Firewall Rule.
The default behavior for outbound traffic. This setting can be overridden by updating the outbound.action
property of the Firewall Rule.
An array of tags applied to this object. Tags are for organizational purposes only.
Request Samples
- Shell
- CLI
curl -H "Content-Type: application/json" \
-H "Authorization: Bearer $TOKEN" \
-X POST -d '{
"label": "firewall123",
"rules": {
"inbound_policy": "DROP",
"inbound": [
{
"protocol": "TCP",
"ports": "22, 80, 443",
"addresses": {
"ipv4": [
"192.0.2.0/24",
"198.51.100.2/32"
],
"ipv6": [
"2001:DB8::/128"
]
},
"action": "ACCEPT",
"label": "inbound-rule123",
"description": "An example inbound rule description."
}
],
"outbound_policy": "DROP",
"outbound": [
{
"protocol": "TCP",
"ports": "49152-65535",
"addresses": {
"ipv4": [
"192.0.2.0/24",
"198.51.100.2/32"
],
"ipv6": [
"2001:DB8::/128"
]
},
"action": "ACCEPT",
"label": "outbound-rule123",
"description": "An example outbound rule description."
}
]
},
"devices": {
"linodes": [
123
]
},
"tags": [
"example tag",
"another example"
]
}' \
https://api.linode.com/v4/networking/firewalls
Response Samples
- 200
- default
{
"status": "enabled",
"created": "2018-01-01T00:01:01",
"updated": "2018-01-02T00:01:01",
"id": 1234,
"label": "firewall123",
"tags": [],
"rules": {
"inbound": "",
"outbound": "",
"inbound_policy": "DROP",
"outbound_policy": "DROP"
}
}
Responses
200: Returns information about the created Firewall.
The status of this Firewall.
- When a Firewall is first created its status is
enabled
. - Use the Update Firewall endpoint to set a Firewall's status to
enabled
ordisabled
. - Use the Delete Firewall endpoint to delete a Firewall.
When this Firewall was created.
When this Firewall was last updated.
The Firewall's unique ID.
The Firewall's label, for display purposes only.
Firewall labels have the following constraints:
- Must begin and end with an alphanumeric character.
- May only consist of alphanumeric characters, dashes (
-
), underscores (_
) or periods (.
). - Cannot have two dashes (
--
), underscores (__
) or periods (..
) in a row. - Must be between 3 and 32 characters.
- Must be unique.
An array of tags applied to this object. Tags are for organizational purposes only.
The inbound and outbound access rules to apply to the Firewall.
A Firewall may have up to 25 rules across its inbound and outbound rulesets.
Multiple rules are applied in order. If two rules conflict, the first rule takes precedence. For example, if the first rule accepts inbound traffic from an address, and the second rule drops inbound traffic the same address, the first rule applies and inbound traffic from that address is accepted.
The inbound rules for the firewall, as a JSON array.
The outbound rules for the firewall, as a JSON array.
The default behavior for inbound traffic. This setting can be overridden by updating the inbound.action
property of the Firewall Rule.
The default behavior for outbound traffic. This setting can be overridden by updating the outbound.action
property of the Firewall Rule.
default: Error
What happened to cause this error. In most cases, this can be fixed immediately by changing the data you sent in the request, but in some cases you will be instructed to open a Support Ticket or perform some other action before you can complete the request successfully.
The field in the request that caused this error. This may be a path, separated by periods in the case of nested fields. In some cases this may come back as "null" if the error is not specific to any single element of the request.