Networking

Firewalls List

get
https://api.linode.com/v4/networking/firewalls

Returns a paginated list of accessible Firewalls.

Query Parameters

page
integer >= 1
Default: 1

The page of a collection to return.

page_size
integer [25 .. 500]
Default: 100

The number of items to return per page.

Request Samples

curl -H "Authorization: Bearer $TOKEN" \
    https://api.linode.com/v4/networking/firewalls

Response Samples

{
  "data": [
    {
      "id": "",
      "created": "2018-01-01T00:01:01",
      "status": "enabled",
      "label": "firewall123",
      "updated": "2018-01-02T00:01:01",
      "tags": [
        "example tag",
        "another example"
      ],
      "rules": {
        "inbound": "",
        "outbound": "",
        "inbound_policy": "DROP",
        "outbound_policy": "DROP"
      }
    }
  ],
  "page": 1,
  "pages": 1,
  "results": 1
}

Responses

200: Returns an array of Firewalls.

data
array of objects
id
Filterable
integer

The Firewall's unique ID.

created
Filterable
string

When this Firewall was created.

status
string
Enum: "enabled" "disabled" "deleted"

The status of this Firewall.

  • When a Firewall is first created its status is enabled.
  • Use the Update Firewall endpoint to set a Firewall's status to enabled or disabled.
  • Use the Delete Firewall endpoint to delete a Firewall.

label
Filterable
string ^[a-zA-Z]((?!--|__|..)[a-zA-Z0-9-_.])+$

The Firewall's label, for display purposes only.

Firewall labels have the following constraints:

  • Must begin and end with an alphanumeric character.
  • May only consist of alphanumeric characters, dashes (-), underscores (_) or periods (.).
  • Cannot have two dashes (--), underscores (__) or periods (..) in a row.
  • Must be between 3 and 32 characters.
  • Must be unique.

updated
Filterable
string

When this Firewall was last updated.

tags
Filterable
array

An array of tags applied to this object. Tags are for organizational purposes only.

rules
object

The inbound and outbound access rules to apply to the Firewall.

A Firewall may have up to 25 rules across its inbound and outbound rulesets.

Multiple rules are applied in order. If two rules conflict, the first rule takes precedence. For example, if the first rule accepts inbound traffic from an address, and the second rule drops inbound traffic from the same address, the first rule applies and inbound traffic from that address is accepted.

inbound
array

The inbound rules for the firewall, as a JSON array.

outbound
array

The outbound rules for the firewall, as a JSON array.

inbound_policy
string
Enum: "ACCEPT" "DROP"

The default behavior for inbound traffic. This setting can be overridden by updating the inbound.action property of the Firewall Rule.

outbound_policy
string
Enum: "ACCEPT" "DROP"

The default behavior for outbound traffic. This setting can be overridden by updating the outbound.action property of the Firewall Rule.

page
integer

The current page.

pages
integer

The total number of pages.

results
integer

The total number of results.

default: Error

errors
array of objects
reason
string

What happened to cause this error. In most cases, this can be fixed immediately by changing the data you sent in the request, but in some cases you will be instructed to open a Support Ticket or perform some other action before you can complete the request successfully.

field
string

The field in the request that caused this error. This may be a path, separated by periods in the case of nested fields. In some cases this may come back as "null" if the error is not specific to any single element of the request.
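
An added example (not part of the Linode documentation) that follows the page and pages counters described above and lists Firewalls worth a manual look: any whose status is not enabled, or whose default policy is ACCEPT. The fetch_page callable is a hypothetical stand-in for the authenticated GET request, and the two response pages are constructed sample data.

```python
def iter_firewalls(fetch_page, page_size=100):
    """Yield every Firewall by following the page/pages counters."""
    if not 25 <= page_size <= 500:  # range documented for page_size
        raise ValueError("page_size must be between 25 and 500")
    page = 1
    while True:
        body = fetch_page(page, page_size)
        yield from body["data"]
        if page >= body["pages"]:
            return
        page += 1


def review_items(firewalls):
    """Return (label, note) pairs for Firewalls that deserve a manual look."""
    notes = []
    for fw in firewalls:
        if fw["status"] != "enabled":
            notes.append((fw["label"], f"status is {fw['status']}"))
        for direction in ("inbound", "outbound"):
            if fw["rules"][f"{direction}_policy"] == "ACCEPT":
                notes.append((fw["label"], f"{direction}_policy is ACCEPT"))
    return notes


def sample_firewall(label, status, inbound_policy, outbound_policy):
    """Build a constructed Firewall object with the fields the review reads."""
    return {"label": label, "status": status,
            "rules": {"inbound": [], "outbound": [],
                      "inbound_policy": inbound_policy,
                      "outbound_policy": outbound_policy}}


# Constructed two-page listing. A real fetch_page (hypothetical name) would
# send the GET request with page and page_size and return the decoded JSON.
SAMPLE_PAGES = {
    1: {"data": [sample_firewall("edge-web", "enabled", "DROP", "DROP"),
                 sample_firewall("legacy-db", "disabled", "ACCEPT", "DROP")],
        "page": 1, "pages": 2, "results": 3},
    2: {"data": [sample_firewall("batch-workers", "enabled", "DROP", "ACCEPT")],
        "page": 2, "pages": 2, "results": 3},
}


def fake_fetch(page, page_size):
    return SAMPLE_PAGES[page]


if __name__ == "__main__":
    for label, note in review_items(iter_firewalls(fake_fetch)):
        print(f"{label}: {note}")
```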

Firewall Create

post
https://api.linode.com/v4/networking/firewalls

Creates a Firewall to filter network traffic.

  • Use the rules property to create inbound and outbound access rules.

  • Use the devices property to assign the Firewall to a service and apply its Rules to the device. Requires read_write User's Grants to the device. Currently, Firewalls can only be assigned to Linode instances.

  • A Firewall can be assigned to multiple Linode instances at a time.

  • A Linode instance can have one active, assigned Firewall at a time. Additional disabled Firewalls can be assigned to a service, but they cannot be enabled if another active Firewall is already assigned to the same service.

  • A firewall_create Event is generated when this endpoint returns successfully.

Request Body Schema

rules
Required
inbound
outbound
devices
object

Devices to create for this Firewall. When a Device is created, the Firewall is assigned to its associated service. Currently, Devices can only be created for Linode instances.

linodes
array

An array of Linode IDs. A Firewall Device is created for each ID.

label
Required
Filterable
string [3 .. 32] characters ^[a-zA-Z]((?!--|__|..)[a-zA-Z0-9-_.])+$

The Firewall's label, for display purposes only.

Firewall labels have the following constraints:

  • Must begin and end with an alphanumeric character.
  • May only consist of alphanumeric characters, dashes (-), underscores (_) or periods (.).
  • Cannot have two dashes (--), underscores (__) or periods (..) in a row.
  • Must be between 3 and 32 characters.
  • Must be unique.

rules
Required
object

The inbound and outbound access rules to apply to the Firewall.

A Firewall may have up to 25 rules across its inbound and outbound rulesets.

Multiple rules are applied in order. If two rules conflict, the first rule takes precedence. For example, if the first rule accepts inbound traffic from an address, and the second rule drops inbound traffic from the same address, the first rule applies and inbound traffic from that address is accepted.

inbound
array

The inbound rules for the firewall, as a JSON array.

outbound
array

The outbound rules for the firewall, as a JSON array.

inbound_policy
string
Enum: "ACCEPT" "DROP"

The default behavior for inbound traffic. This setting can be overridden by updating the inbound.action property of the Firewall Rule.

outbound_policy
string
Enum: "ACCEPT" "DROP"

The default behavior for outbound traffic. This setting can be overridden by updating the outbound.action property of the Firewall Rule.

tags
Filterable
array

An array of tags applied to this object. Tags are for organizational purposes only.

Request Samples

curl -H "Content-Type: application/json" \
    -H "Authorization: Bearer $TOKEN" \
    -X POST -d '{
      "label": "firewall123",
      "rules": {
        "inbound_policy": "DROP",
        "inbound": [
          {
            "protocol": "TCP",
            "ports": "22, 80, 443",
            "addresses": {
              "ipv4": [
                "192.0.2.0/24",
                "198.51.100.2/32"
              ],
              "ipv6": [
                "2001:DB8::/128"
              ]
            },
            "action": "ACCEPT",
            "label": "inbound-rule123",
            "description": "An example inbound rule description."
          }
        ],
        "outbound_policy": "DROP",
        "outbound": [
          {
            "protocol": "TCP",
            "ports": "49152-65535",
            "addresses": {
              "ipv4": [
                "192.0.2.0/24",
                "198.51.100.2/32"
              ],
              "ipv6": [
                "2001:DB8::/128"
              ]
            },
            "action": "ACCEPT",
            "label": "outbound-rule123",
            "description": "An example outbound rule description."
          }
        ]
      },
      "devices": {
        "linodes": [
          123
        ]
      },
      "tags": [
        "example tag",
        "another example"
      ]
    }' \
    https://api.linode.com/v4/networking/firewalls
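
An added example (not Linode's code) of the first-match ordering described above, applied to rules shaped like the ones in this request sample: it reports which rule, or which default policy, decides a given connection. The function names and the sample ruleset are constructed here, and treating a rule without a ports value as covering every port is an assumption.

```python
import ipaddress


def parse_ports(spec):
    """Turn '22, 80, 443' or '49152-65535' into a list of (low, high) pairs."""
    ranges = []
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        low, _, high = part.partition("-")
        ranges.append((int(low), int(high or low)))
    return ranges


def rule_matches(rule, protocol, port, address):
    """True when protocol, port and remote address all fall inside the rule."""
    if rule["protocol"].upper() != protocol.upper():
        return False
    ports = rule.get("ports")  # assumption: no "ports" value means every port
    if ports and not any(lo <= port <= hi for lo, hi in parse_ports(ports)):
        return False
    ip = ipaddress.ip_address(address)
    family = "ipv4" if ip.version == 4 else "ipv6"
    networks = rule.get("addresses", {}).get(family, [])
    return any(ip in ipaddress.ip_network(n, strict=False) for n in networks)


def evaluate(rules, direction, protocol, port, address):
    """Return (action, deciding rule label), or (default policy, None)."""
    for rule in rules.get(direction) or []:  # "" or [] means no rules
        if rule_matches(rule, protocol, port, address):
            return rule["action"], rule["label"]  # first match wins
    return rules[f"{direction}_policy"], None


# Constructed ruleset: the narrower DROP sits after a broader ACCEPT.
SAMPLE_RULES = {
    "inbound_policy": "DROP",
    "inbound": [
        {"protocol": "TCP", "ports": "22, 80, 443", "action": "ACCEPT",
         "label": "allow-admin-net",
         "addresses": {"ipv4": ["192.0.2.0/24"], "ipv6": ["2001:DB8::/128"]}},
        {"protocol": "TCP", "ports": "22", "action": "DROP",
         "label": "drop-one-host", "addresses": {"ipv4": ["192.0.2.10/32"]}},
    ],
    "outbound_policy": "DROP",
    "outbound": "",
}
```

For 192.0.2.10 on TCP port 22 the evaluator returns ACCEPT from allow-admin-net, so the later drop-one-host rule never takes effect; a narrower DROP has to be listed before the broader ACCEPT it is meant to carve out.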

Response Samples

{
  "status": "enabled",
  "created": "2018-01-01T00:01:01",
  "updated": "2018-01-02T00:01:01",
  "id": 1234,
  "label": "firewall123",
  "tags": [],
  "rules": {
    "inbound": "",
    "outbound": "",
    "inbound_policy": "DROP",
    "outbound_policy": "DROP"
  }
}

Responses

200: Returns information about the created Firewall.

status
string
Enum: "enabled" "disabled" "deleted"

The status of this Firewall.

  • When a Firewall is first created its status is enabled.
  • Use the Update Firewall endpoint to set a Firewall's status to enabled or disabled.
  • Use the Delete Firewall endpoint to delete a Firewall.

created
Filterable
string <date-time>

When this Firewall was created.

updated
Filterable
string <date-time>

When this Firewall was last updated.

id
Filterable
integer

The Firewall's unique ID.

label
Filterable
string [3 .. 32] characters ^[a-zA-Z]((?!--|__|..)[a-zA-Z0-9-_.])+$

The Firewall's label, for display purposes only.

Firewall labels have the following constraints:

  • Must begin and end with an alphanumeric character.
  • May only consist of alphanumeric characters, dashes (-), underscores (_) or periods (.).
  • Cannot have two dashes (--), underscores (__) or periods (..) in a row.
  • Must be between 3 and 32 characters.
  • Must be unique.

tags
Filterable
array of objects

An array of tags applied to this object. Tags are for organizational purposes only.

rules
object

The inbound and outbound access rules to apply to the Firewall.

A Firewall may have up to 25 rules across its inbound and outbound rulesets.

Multiple rules are applied in order. If two rules conflict, the first rule takes precedence. For example, if the first rule accepts inbound traffic from an address, and the second rule drops inbound traffic from the same address, the first rule applies and inbound traffic from that address is accepted.

inbound
array

The inbound rules for the firewall, as a JSON array.

outbound
array

The outbound rules for the firewall, as a JSON array.

inbound_policy
string
Enum: "ACCEPT" "DROP"

The default behavior for inbound traffic. This setting can be overridden by updating the inbound.action property of the Firewall Rule.

outbound_policy
string
Enum: "ACCEPT" "DROP"

The default behavior for outbound traffic. This setting can be overridden by updating the outbound.action property of the Firewall Rule.

default: Error

errors
array of objects
reason
string

What happened to cause this error. In most cases, this can be fixed immediately by changing the data you sent in the request, but in some cases you will be instructed to open a Support Ticket or perform some other action before you can complete the request successfully.

field
string

The field in the request that caused this error. This may be a path, separated by periods in the case of nested fields. In some cases this may come back as "null" if the error is not specific to any single element of the request.