Create firewall rule

Creates a firewall rule.

URI

/v2.0/fw/firewall_rules

HTTP method

POST

Request parameter

Key Description Type Required/optional
action Action to be performed on the traffic matching the rule (allow, deny). xsd:string Optional
description Human readable description for the firewall rule (1024 character limit). xsd:string Optional
destination_ip_address Destination IP address or CIDR. xsd:string Optional
destination_port Destination port number or a range. If range, port numbers are separated by colon. Specify a small port number first. xsd:string Optional
enabled When set to False will disable this rule in the firewall policy. Facilitates selectively turning off rules without having to disassociate the rule from the firewall policy. xsd:bool Optional
name Human readable name for the firewall rule (255 character limit). Does not have to be unique. xsd:string Optional
protocol The protocol that is matched by the firewall rule. Valid values are null, tcp, udp, and icmp. (Avoid the use of null when specifying the protocol for Firewall rules. Instead, create multiple rules for both 'tcp' and 'udp' protocols independently.) xsd:string Optional
source_ip_address Source IP address or CIDR. xsd:string Optional
source_port Source port number or a range. If range, port numbers are separated by colon. xsd:string Optional
availability_zone The Availability Zone name. If you do not specify this, the resource will be created in the default Availability Zone. xsd:string Optional

Example request


{
    "firewall_rule": {
        "action": "allow",
        "destination_port": "80",
        "enabled": true,
        "name": "ALLOW_HTTP",
        "protocol": "tcp",
        "availability_zone": "AZ1"
    }
}

Response status

Status code Description
201 Created (normal response code)
400 Bad Request (error response code)
401 Unauthorized (error response code)

Response body (normal status)


{
    "firewall_rule": {
        "action": "allow",
        "description": "",
        "destination_ip_address": null,
        "destination_port": "80",
        "enabled": true,
        "firewall_policy_id": null,
        "id": "8722e0e0-9cc9-4490-9660-8c9a5732fbb0",
        "ip_version": 4,
        "name": "ALLOW_HTTP",
        "position": null,
        "protocol": "tcp",
        "shared": false,
        "source_ip_address": null,
        "source_port": null,
        "tenant_id": "45977fa2dbd7482098dd68d0d8970117",
        "availability_zone": "AZ1"
    }
}

Description of response body (normal status)

Item Description
action Action to be performed on the traffic matching the rule (allow, deny).
description Human readable description for the firewall rule (1024 character limit).
destination_ip_address Destination IP address or CIDR.
destination_port Destination port number or a range.
enabled When set to False will disable this rule in the firewall policy. Facilitates selectively turning off rules without having to disassociate the rule from the firewall policy.
firewall_policy_id This is a read-only attribute which gets populated with the uuid of the firewall policy when this firewall rule is associated with a firewall policy. A firewall rule can be associated with one firewall policy at a time. The association can however be updated to a different firewall policy. This attribute can be "null" if the rule is not associated with any firewall policy.
id Unique identifier for the firewall rule object.
ip_version IP Protocol Version.
name Human readable name for the firewall rule (255 character limit). Does not have to be unique.
position This is a read-only attribute that gets assigned to this rule when the rule is associated with a firewall policy. It indicates the position of this rule in that firewall policy. This position number starts at 1. The position can be "null" if the firewall rule is not associated with any policy.
protocol The protocol that is matched by the firewall rule. Valid values are null, tcp, udp, and icmp.
shared Indicates whether this firewall rule is shared across all projects. This value is always False.
source_ip_address Source IP address or CIDR.
source_port Source port number or a range.
availability_zone The Availability Zone name.
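As an added example (not code from this API's documentation or any client library), a small Python helper that checks the request parameters against the limits in the parameter table before building the POST body, refuses the discouraged null protocol, and interprets the documented status codes; the URI is the page's, the sample 201 body is taken from the example response above, and the function names are my own.

```python
import json
import re

VALID_PROTOCOLS = {"tcp", "udp", "icmp"}  # null is accepted but the docs say to avoid it
PORT_RE = re.compile(r"^\d{1,5}(?::\d{1,5})?$")

def _check_port(value, field):
    """Accept a single port or a 'low:high' range; the docs require the smaller number first."""
    if value is None:
        return None
    if not PORT_RE.match(value):
        raise ValueError(f"{field}: expected 'port' or 'low:high', got {value!r}")
    parts = [int(p) for p in value.split(":")]
    if len(parts) == 2 and parts[0] > parts[1]:
        raise ValueError(f"{field}: specify the smaller port first in {value!r}")
    return value

def build_create_rule_request(name, protocol, action="allow", destination_port=None,
                              source_port=None, destination_ip_address=None,
                              source_ip_address=None, description=None, enabled=True,
                              availability_zone=None):
    """Return (method, uri, body) for the create call after checking the parameter limits."""
    if len(name) > 255 or (description is not None and len(description) > 1024):
        raise ValueError("name is limited to 255 characters, description to 1024")
    if action not in ("allow", "deny"):
        raise ValueError("action must be 'allow' or 'deny'")
    if protocol not in VALID_PROTOCOLS:
        raise ValueError("protocol must be tcp, udp or icmp; create two rules instead of null")
    fields = {"action": action, "name": name, "protocol": protocol, "enabled": bool(enabled),
              "description": description, "availability_zone": availability_zone,
              "destination_port": _check_port(destination_port, "destination_port"),
              "source_port": _check_port(source_port, "source_port"),
              "destination_ip_address": destination_ip_address,
              "source_ip_address": source_ip_address}
    # Omit unset optional keys so the server applies its defaults (e.g. the default AZ)
    body = {"firewall_rule": {k: v for k, v in fields.items() if v is not None}}
    return "POST", "/v2.0/fw/firewall_rules", body

# Constructed 201 body: a subset of the page's own example response
SAMPLE_201_BODY = json.dumps({"firewall_rule": {
    "id": "8722e0e0-9cc9-4490-9660-8c9a5732fbb0", "name": "ALLOW_HTTP", "protocol": "tcp",
    "destination_port": "80", "enabled": True, "firewall_policy_id": None, "position": None}})

def parse_create_rule_response(status, text):
    """201 carries the created rule; 400 and 401 are the documented error responses."""
    if status != 201:
        raise RuntimeError(f"create firewall rule failed with HTTP {status}: {text}")
    rule = json.loads(text)["firewall_rule"]
    # firewall_policy_id and position stay null until the rule is attached to a policy
    return {"id": rule["id"], "enabled": rule["enabled"], "in_policy": rule["position"] is not None}
```

Sending the request (authentication headers, base URL) is left to whatever HTTP client the deployment uses; the helper only produces the validated body and reads the result.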