Networking
Firewall Rules List
https://api.linode.com/v4/networking/firewalls/{firewallId}/rules
Returns the inbound and outbound Rules for a Firewall.
Path Parameters
firewallId: ID of the Firewall to access.
Request Samples
curl -H "Authorization: Bearer $TOKEN" \
    https://api.linode.com/v4/networking/firewalls/123/rules
Response Samples
{
  "inbound": [
    {
      "protocol": "TCP",
      "ports": "22-24, 80, 443",
      "addresses": {
        "ipv4": [
          "192.0.2.0/24",
          "198.51.100.2/32"
        ],
        "ipv6": [
          "2001:DB8::/128"
        ]
      },
      "action": "ACCEPT",
      "label": "firewallrule123",
      "description": "An example firewall rule description."
    }
  ],
  "outbound": [
    {
      "protocol": "TCP",
      "ports": "22-24, 80, 443",
      "addresses": {
        "ipv4": [
          "192.0.2.0/24",
          "198.51.100.2/32"
        ],
        "ipv6": [
          "2001:DB8::/128"
        ]
      },
      "action": "ACCEPT",
      "label": "firewallrule123",
      "description": "An example firewall rule description."
    }
  ],
  "inbound_policy": "DROP",
  "outbound_policy": "DROP"
}
Responses
200: The requested Firewall Rules.
inbound: The inbound rules for the firewall, as a JSON array.
inbound.protocol: The type of network traffic affected by this rule.
inbound.ports: A string representing the port or ports affected by this rule:
- The string may be a single port, a range of ports, or a comma-separated list of single ports and port ranges. A space is permitted following each comma.
- A range of ports is inclusive of the start and end values for the range. The end value of the range must be greater than the start value.
- Ports must be within 1 and 65535, and may not contain any leading zeroes. For example, port "080" is not allowed.
- The ports string can have up to 15 pieces, where a single port is treated as one piece, and a port range is treated as two pieces. For example, the string "22-24, 80, 443" has four pieces.
- If no ports are configured, all ports are affected.
- Only allowed for the TCP and UDP protocols. Ports are not allowed for the ICMP and IPENCAP protocols.
inbound.addresses: The IPv4 and/or IPv6 addresses affected by this rule. A Rule can have up to 255 total addresses or networks listed across its IPv4 and IPv6 arrays. A network and a single IP are treated as equivalent when accounting for this limit. Must contain ipv4, ipv6, or both.
inbound.addresses.ipv4: A list of IPv4 addresses or networks. Addresses must be in IP/mask format. Must not be an empty list. If "0.0.0.0/0" is included in this list, all IPv4 addresses are affected by this rule.
inbound.addresses.ipv6: A list of IPv6 addresses or networks. Addresses must be in IP/mask format. Must not be an empty list. If "::/0" is included in this list, all IPv6 addresses are affected by this rule.
inbound.action: Controls whether traffic is accepted or dropped by this rule. Overrides the Firewall's inbound_policy if this is an inbound rule, or the outbound_policy if this is an outbound rule.
inbound.label: Used to identify this rule. For display purposes only.
inbound.description: Used to describe this rule. For display purposes only.
outbound: The outbound rules for the firewall, as a JSON array.
outbound.protocol: The type of network traffic affected by this rule.
outbound.ports: A string representing the port or ports affected by this rule:
- The string may be a single port, a range of ports, or a comma-separated list of single ports and port ranges. A space is permitted following each comma.
- A range of ports is inclusive of the start and end values for the range. The end value of the range must be greater than the start value.
- Ports must be within 1 and 65535, and may not contain any leading zeroes. For example, port "080" is not allowed.
- The ports string can have up to 15 pieces, where a single port is treated as one piece, and a port range is treated as two pieces. For example, the string "22-24, 80, 443" has four pieces.
- If no ports are configured, all ports are affected.
- Only allowed for the TCP and UDP protocols. Ports are not allowed for the ICMP and IPENCAP protocols.
outbound.addresses: The IPv4 and/or IPv6 addresses affected by this rule. A Rule can have up to 255 total addresses or networks listed across its IPv4 and IPv6 arrays. A network and a single IP are treated as equivalent when accounting for this limit. Must contain ipv4, ipv6, or both.
outbound.addresses.ipv4: A list of IPv4 addresses or networks. Addresses must be in IP/mask format. Must not be an empty list. If "0.0.0.0/0" is included in this list, all IPv4 addresses are affected by this rule.
outbound.addresses.ipv6: A list of IPv6 addresses or networks. Addresses must be in IP/mask format. Must not be an empty list. If "::/0" is included in this list, all IPv6 addresses are affected by this rule.
outbound.action: Controls whether traffic is accepted or dropped by this rule. Overrides the Firewall's inbound_policy if this is an inbound rule, or the outbound_policy if this is an outbound rule.
outbound.label: Used to identify this rule. For display purposes only.
outbound.description: Used to describe this rule. For display purposes only.
inbound_policy: The default behavior for inbound traffic. This setting can be overridden by updating the inbound.action property of the Firewall Rule.
outbound_policy: The default behavior for outbound traffic. This setting can be overridden by updating the outbound.action property of the Firewall Rule.
default: Error
What happened to cause this error. In most cases, this can be fixed immediately by changing the data you sent in the request, but in some cases you will be instructed to open a Support Ticket or perform some other action before you can complete the request successfully.
The field in the request that caused this error. This may be a path, separated by periods in the case of nested fields. In some cases this may come back as "null" if the error is not specific to any single element of the request.
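The ports and addresses constraints listed above can be checked client-side before a rules document is sent. The following Python sketch is an added example, not part of the Linode documentation or tooling; the names check_ports and check_addresses are hypothetical, and it assumes any /0 prefix counts as the open-to-all case.

```python
import ipaddress
import re

PORT = re.compile(r"[1-9][0-9]{0,4}")  # digits only, no leading zero

def check_ports(ports, protocol):
    """Problems with a rule's "ports" string; an empty list means valid."""
    if not ports:
        return []  # no ports configured: the rule affects all ports
    if protocol not in ("TCP", "UDP"):
        return [f"ports are not allowed for {protocol}"]
    problems, pieces = [], 0
    for item in re.split(", ?", ports):  # one optional space after a comma
        bounds = item.split("-")
        pieces += len(bounds)  # single port = 1 piece, range = 2 pieces
        if len(bounds) > 2 or not all(PORT.fullmatch(b) for b in bounds):
            problems.append(f"malformed port or range {item!r}")
        elif max(map(int, bounds)) > 65535:
            problems.append(f"port above 65535 in {item!r}")
        elif len(bounds) == 2 and int(bounds[1]) <= int(bounds[0]):
            problems.append(f"range end not greater than start in {item!r}")
    if pieces > 15:
        problems.append(f"{pieces} pieces, limit is 15")
    return problems

def check_addresses(addresses):
    """Problems with a rule's "addresses" object, plus an open-to-all flag."""
    problems, total, open_to_all = [], 0, False
    if "ipv4" not in addresses and "ipv6" not in addresses:
        problems.append("addresses must contain ipv4, ipv6, or both")
    for family, version in (("ipv4", 4), ("ipv6", 6)):
        entries = addresses.get(family)
        if entries == []:
            problems.append(f"{family} must not be an empty list")
        for entry in entries or []:
            total += 1  # a network and a single IP each count once
            try:
                net = ipaddress.ip_network(entry, strict=False)
                ok = "/" in entry and net.version == version
            except ValueError:
                ok = False
            if not ok:
                problems.append(f"{entry!r} is not an {family} IP/mask value")
            elif net.prefixlen == 0:  # assumption: any /0 means 0.0.0.0/0 or ::/0
                open_to_all = True
    if total > 255:
        problems.append(f"{total} addresses, limit is 255")
    return problems, open_to_all
```

A rule whose action is ACCEPT and whose open-to-all flag is set admits traffic from every address of that family, which is worth reviewing before the rule is applied.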
Firewall Rules Update
https://api.linode.com/v4/networking/firewalls/{firewallId}/rules
Updates the inbound and outbound Rules for a Firewall.
Note: This command replaces all of a Firewall's inbound and outbound rulesets with the values specified in your request.
Path Parameters
firewallId: ID of the Firewall to access.
Request Body Schema
inbound: The inbound rules for the firewall, as a JSON array.
inbound_policy: The default behavior for inbound traffic. This setting can be overridden by updating the inbound.action property of the Firewall Rule.
outbound: The outbound rules for the firewall, as a JSON array.
outbound_policy: The default behavior for outbound traffic. This setting can be overridden by updating the outbound.action property of the Firewall Rule.
Request Samples
curl -H "Content-Type: application/json" \
    -H "Authorization: Bearer $TOKEN" \
    -X PUT -d '{
      "inbound_policy": "DROP",
      "inbound": [
        {
          "protocol": "TCP",
          "ports": "22, 80, 443",
          "addresses": {
            "ipv4": [
              "192.0.2.0/24",
              "198.51.100.2/32"
            ],
            "ipv6": [
              "2001:DB8::/128"
            ]
          },
          "action": "ACCEPT",
          "label": "inbound-rule123",
          "description": "An example inbound rule description."
        }
      ],
      "outbound_policy": "DROP",
      "outbound": [
        {
          "protocol": "TCP",
          "ports": "49152-65535",
          "addresses": {
            "ipv4": [
              "192.0.2.0/24",
              "198.51.100.2/32"
            ],
            "ipv6": [
              "2001:DB8::/128"
            ]
          },
          "action": "ACCEPT",
          "label": "outbound-rule123",
          "description": "An example outbound rule description."
        }
      ]
    }' \
    https://api.linode.com/v4/networking/firewalls/123/rules
Response Samples
{
  "inbound": [
    {
      "protocol": "TCP",
      "ports": "22-24, 80, 443",
      "addresses": {
        "ipv4": [
          "192.0.2.0/24",
          "198.51.100.2/32"
        ],
        "ipv6": [
          "2001:DB8::/128"
        ]
      },
      "action": "ACCEPT",
      "label": "firewallrule123",
      "description": "An example firewall rule description."
    }
  ],
  "outbound": [
    {
      "protocol": "TCP",
      "ports": "22-24, 80, 443",
      "addresses": {
        "ipv4": [
          "192.0.2.0/24",
          "198.51.100.2/32"
        ],
        "ipv6": [
          "2001:DB8::/128"
        ]
      },
      "action": "ACCEPT",
      "label": "firewallrule123",
      "description": "An example firewall rule description."
    }
  ],
  "inbound_policy": "DROP",
  "outbound_policy": "DROP"
}
Responses
200: Firewall Rules updated successfully.
default: Error
What happened to cause this error. In most cases, this can be fixed immediately by changing the data you sent in the request, but in some cases you will be instructed to open a Support Ticket or perform some other action before you can complete the request successfully.
The field in the request that caused this error. This may be a path, separated by periods in the case of nested fields. In some cases this may come back as "null" if the error is not specific to any single element of the request.
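Because the update replaces both rulesets, comparing the current Firewall Rules List response with the intended PUT body shows which rules the request would drop. This Python helper is an added example, not Linode code; rule_key and put_impact are hypothetical names, rules are compared ignoring label and description (display only), and a ruleset missing from the body is assumed to be treated as empty.

```python
import json

def rule_key(rule):
    """Canonical form of a rule, ignoring the display-only fields."""
    addrs = rule.get("addresses", {})
    return json.dumps({
        "protocol": rule.get("protocol"),
        "ports": rule.get("ports"),
        "action": rule.get("action"),
        "ipv4": sorted(a.lower() for a in addrs.get("ipv4", [])),
        "ipv6": sorted(a.lower() for a in addrs.get("ipv6", [])),
    }, sort_keys=True)

def put_impact(current, proposed):
    """List what a PUT of `proposed` changes relative to the GET response `current`."""
    changes = []
    for direction in ("inbound", "outbound"):
        # Assumption: a direction absent from the body is handled as an empty ruleset.
        before = {rule_key(r): r.get("label") for r in current.get(direction, [])}
        after = {rule_key(r): r.get("label") for r in proposed.get(direction, [])}
        changes += [f"{direction}: removes {before[k]!r}" for k in before if k not in after]
        changes += [f"{direction}: adds {after[k]!r}" for k in after if k not in before]
        policy = f"{direction}_policy"
        if current.get(policy) != proposed.get(policy):
            changes.append(f"{policy}: {current.get(policy)} -> {proposed.get(policy)}")
    return changes
```

An unexpected "removes" line means the request body was built without first reading the existing rules.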