Create firewall rule
Creates a firewall rule.
URI
/v2.0/fw/firewall_rules
HTTP method
POST
Request parameter
Key | Description | Type | Required/optional |
---|---|---|---|
action | Action to be performed on the traffic matching the rule (allow, deny). | xsd:string | Optional |
description | Human readable description for the firewall rule (1024 character limit). | xsd:string | Optional |
destination_ip_address | Destination IP address or CIDR. | xsd:string | Optional |
destination_port | Destination port number or a range. If a range, the two port numbers are separated by a colon with the lower port first (for example 1024:65535). | xsd:string | Optional |
enabled | When set to False will disable this rule in the firewall policy. Facilitates selectively turning off rules without having to disassociate the rule from the firewall policy. | xsd:bool | Optional |
name | Human readable name for the firewall rule (255 character limit). Does not have to be unique. | xsd:string | Optional |
protocol | The protocol that is matched by the firewall rule. Valid values are null, tcp, udp, and icmp. (Avoid the use of null when specifying the protocol for Firewall rules. Instead, create multiple rules for both 'tcp' and 'udp' protocols independently.) | xsd:string | Optional |
source_ip_address | Source IP address or CIDR. | xsd:string | Optional |
source_port | Source port number or a range. If a range, the two port numbers are separated by a colon with the lower port first. | xsd:string | Optional |
availability_zone | The Availability Zone name. If you do not specify this, the resource will be created in the default Availability Zone. | xsd:string | Optional |
Example request
{
"firewall_rule": {
"action": "allow",
"destination_port": "80",
"enabled": true,
"name": "ALLOW_HTTP",
"protocol": "tcp",
"availability_zone": "AZ1"
}
}
Response status
Status code | Description |
---|---|
201 | Created (normal response) |
400 | Bad Request (error response) |
401 | Unauthorized (error response) |
Response body (normal status)
{
"firewall_rule": {
"action": "allow",
"description": "",
"destination_ip_address": null,
"destination_port": "80",
"enabled": true,
"firewall_policy_id": null,
"id": "8722e0e0-9cc9-4490-9660-8c9a5732fbb0",
"ip_version": 4,
"name": "ALLOW_HTTP",
"position": null,
"protocol": "tcp",
"shared": false,
"source_ip_address": null,
"source_port": null,
"tenant_id": "45977fa2dbd7482098dd68d0d8970117",
"availability_zone": "AZ1"
}
}
Description of response body (normal status)
Item | Description |
---|---|
action | Action to be performed on the traffic matching the rule (allow, deny). |
description | Human readable description for the firewall rule (1024 character limit). |
destination_ip_address | Destination IP address or CIDR. |
destination_port | Destination port number or a range (colon separated, lower port first). |
enabled | When set to False will disable this rule in the firewall policy. Facilitates selectively turning off rules without having to disassociate the rule from the firewall policy. |
firewall_policy_id | This is a read-only attribute which gets populated with the uuid of the firewall policy when this firewall rule is associated with a firewall policy. A firewall rule can be associated with one firewall policy at a time. The association can however be updated to a different firewall policy. This attribute can be "null" if the rule is not associated with any firewall policy. |
id | Unique identifier for the firewall rule object. |
ip_version | IP Protocol Version. |
name | Human readable name for the firewall rule (255 character limit). Does not have to be unique. |
position | This is a read-only attribute that gets assigned to this rule when the rule is associated with a firewall policy. It indicates the position of this rule in that firewall policy. This position number starts at 1. The position can be "null" if the firewall rule is not associated with any policy. |
protocol | The protocol that is matched by the firewall rule. Valid values are null, tcp, udp, and icmp. |
shared | Indicates whether this firewall rule is shared across all projects. This value is always False. |
source_ip_address | Source IP address or CIDR. |
source_port | Source port number or a range. |
availability_zone | The Availability Zone name. |
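The following Python client is an added example, not code from this API's vendor or from the original page. It builds the request body for POST /v2.0/fw/firewall_rules while enforcing the limits in the request parameter table (allow/deny, protocol tcp/udp/icmp, 255/1024 character limits, port ranges with the lower port first), applies the page's advice to replace a null protocol with separate tcp and udp rules, sends the request, and checks the 201 response body against what was asked for. The endpoint URL, the X-Auth-Token header and the exact error messages are assumptions; the sample response embedded at the bottom is constructed from the response body shown on this page.

```python
import json
import re
import urllib.request

# Constraints copied from the request parameter table on this page.
VALID_ACTIONS = {"allow", "deny"}
VALID_PROTOCOLS = {"tcp", "udp", "icmp"}   # null is accepted but discouraged
NAME_LIMIT = 255
DESCRIPTION_LIMIT = 1024
PORT_RE = re.compile(r"^\d{1,5}(?::\d{1,5})?$")


def check_port(value, field):
    """Validate a single port or a 'low:high' range; the lower port must come first."""
    if value is None:
        return None
    text = str(value)
    if not PORT_RE.match(text):
        raise ValueError(f"{field}: expected 'N' or 'N:M', got {text!r}")
    ports = [int(p) for p in text.split(":")]
    if any(p < 1 or p > 65535 for p in ports):
        raise ValueError(f"{field}: port outside 1-65535 in {text!r}")
    if len(ports) == 2 and ports[0] > ports[1]:
        raise ValueError(f"{field}: lower port must be first in {text!r}")
    return text


def build_firewall_rule(name, action, protocol, *, destination_port=None,
                        source_port=None, destination_ip_address=None,
                        source_ip_address=None, description=None,
                        enabled=True, availability_zone=None):
    """Return the JSON body for POST /v2.0/fw/firewall_rules, enforcing the table's limits."""
    if action not in VALID_ACTIONS:
        raise ValueError(f"action must be one of {sorted(VALID_ACTIONS)}")
    if protocol is not None and protocol not in VALID_PROTOCOLS:
        raise ValueError(f"protocol must be null or one of {sorted(VALID_PROTOCOLS)}")
    if len(name) > NAME_LIMIT:
        raise ValueError(f"name exceeds {NAME_LIMIT} characters")
    if description is not None and len(description) > DESCRIPTION_LIMIT:
        raise ValueError(f"description exceeds {DESCRIPTION_LIMIT} characters")
    rule = {"name": name, "action": action, "protocol": protocol, "enabled": bool(enabled)}
    optional = {
        "destination_port": check_port(destination_port, "destination_port"),
        "source_port": check_port(source_port, "source_port"),
        "destination_ip_address": destination_ip_address,
        "source_ip_address": source_ip_address,
        "description": description,
        "availability_zone": availability_zone,
    }
    rule.update({k: v for k, v in optional.items() if v is not None})
    return {"firewall_rule": rule}


def expand_null_protocol(body):
    """Follow the page's advice: instead of protocol null, emit one tcp and one udp rule."""
    rule = body["firewall_rule"]
    if rule["protocol"] is not None:
        return [body]
    expanded = []
    for proto in ("tcp", "udp"):
        copy = dict(rule, protocol=proto, name=f"{rule['name']}_{proto.upper()}"[:NAME_LIMIT])
        expanded.append({"firewall_rule": copy})
    return expanded


def create_firewall_rule(endpoint, token, body):
    """POST the body. The endpoint form and X-Auth-Token header are assumptions (Keystone-style auth)."""
    req = urllib.request.Request(
        f"{endpoint.rstrip('/')}/v2.0/fw/firewall_rules",
        data=json.dumps(body).encode("utf-8"),
        headers={"Content-Type": "application/json", "X-Auth-Token": token},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=30) as resp:   # raises HTTPError on 400/401
        if resp.status != 201:
            raise RuntimeError(f"unexpected status {resp.status}")
        return json.load(resp)


def check_created_rule(response, requested):
    """Verify the 201 body echoes the requested fields and that policy fields are still unset."""
    got = response["firewall_rule"]
    wanted = requested["firewall_rule"]
    mismatched = [k for k in wanted if got.get(k) != wanted[k]]
    if mismatched:
        raise RuntimeError(f"server changed fields: {mismatched}")
    if got["firewall_policy_id"] is not None or got["position"] is not None:
        raise RuntimeError("new rule is unexpectedly attached to a policy")
    if got["shared"]:   # the page states shared is always False
        raise RuntimeError("rule must not be shared")
    return got["id"]


# Constructed sample: the 201 response body shown on this page.
SAMPLE_RESPONSE = {"firewall_rule": {
    "action": "allow", "description": "", "destination_ip_address": None,
    "destination_port": "80", "enabled": True, "firewall_policy_id": None,
    "id": "8722e0e0-9cc9-4490-9660-8c9a5732fbb0", "ip_version": 4,
    "name": "ALLOW_HTTP", "position": None, "protocol": "tcp", "shared": False,
    "source_ip_address": None, "source_port": None,
    "tenant_id": "45977fa2dbd7482098dd68d0d8970117", "availability_zone": "AZ1"}}

if __name__ == "__main__":
    body = build_firewall_rule("ALLOW_HTTP", "allow", "tcp", destination_port="80",
                               availability_zone="AZ1")
    print(json.dumps(body, indent=2))
    print("created rule", check_created_rule(SAMPLE_RESPONSE, body))
```

To run it against a live endpoint, call `create_firewall_rule(endpoint, token, body)` for each body returned by `expand_null_protocol(...)` and pass the result to `check_created_rule`; a 400 or 401 surfaces as `urllib.error.HTTPError` before any response body is parsed.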