Ensure that the following permissions are enabled before setting firewall rules for your virtual server:
- Create own firewall rules
- Destroy own firewall rules
- Read own firewall rules
- Update own firewall rules
- Update own virtual server
- Read own virtual server
To add a firewall rule, use the request listed below. After you add a rule, you have to apply it to initiate a transaction responsible for running firewall rules. See the Apply Firewall Rule section for details.
POST /virtual_machines/:virtual_machine_id/firewall_rules.xml
POST /virtual_machines/:virtual_machine_id/firewall_rules.json
XML Request example
curl -i -X POST -H 'Accept: application/xml' -H 'Content-type: application/xml' -u user:userpass -d '<?xml version="1.0" encoding="UTF-8"?><firewall_rule><address></address><command>DROP</command><port></port><protocol>TCP</protocol><network_interface_id>105</network_interface_id></firewall_rule>' --url http://onapp.test/virtual_machines/:virtual_machine_id/firewall_rules.xml
JSON Request example
curl -i -X POST -H 'Accept: application/json' -H 'Content-type: application/json' -u user:userpass -d '{"firewall_rule":{"address":"","command":"DROP","protocol":"TCP","network_interface_id":"105","port":""}}' --url http://onapp.test/virtual_machines/:virtual_machine_id/firewall_rules.json
Send the following parameters:
address* - Set the IP address for which this rule is active.
- Leave the empty field to apply this rule to all IPs
- Enter hyphen-separated IPs to apply the rule to an IP range (e.g. 192.168.1.1-192.168.1.10)
- Enter the IPs with slash to apply the rule to CIDR (e.g. 192.168.1.1/24)
command* - sets the command to ACCEPT or DROP the abovementioned IPs
port - sets the port addresses
- Leave the empty field to apply the rule to all ports
- Enter colon-separated ports to apply the rule to a port range (e.g. 1024:1028)
- Enter comma-separated ports to apply the rule to the list of ports (e.g. 80,443,21)
protocol* - protocol type (TCP or UDP)
network_interface_id* - interface of the network