Add Firewall Rule

Ensure that the following permissions are enabled before setting firewall rules for your virtual server:

  • Create own firewall rules
  • Destroy own firewall rules
  • Read own firewall rules
  • Update own firewall rules
  • Update own virtual server
  • Read own virtual server

To add a firewall rule, use the request listed below. Adding a rule does not put it into effect: you then have to apply it, which initiates the transaction responsible for running firewall rules. See the Apply Firewall Rule section for details.

POST /virtual_machines/:virtual_machine_id/firewall_rules.xml
POST /virtual_machines/:virtual_machine_id/firewall_rules.json

XML Request example

curl -i -X POST -H 'Accept: application/xml' -H 'Content-type: application/xml' -u user:userpass -d '<?xml version="1.0" encoding="UTF-8"?><firewall_rule><address></address><command>DROP</command><port></port><protocol>TCP</protocol><network_interface_id>105</network_interface_id></firewall_rule>' --url http://onapp.test/virtual_machines/:virtual_machine_id/firewall_rules.xml

JSON Request example

curl -i -X POST -H 'Accept: application/json' -H 'Content-type: application/json' -u user:userpass -d '{"firewall_rule":{"address":"","command":"DROP","protocol":"TCP","network_interface_id":"105","port":""}}' --url http://onapp.test/virtual_machines/:virtual_machine_id/firewall_rules.json

Send the following parameters:

address* - Set the IP address for which this rule is active.

  • Leave the field empty to apply this rule to all IPs
  • Enter hyphen-separated IPs to apply the rule to an IP range (e.g.
  • Enter the IPs with slash to apply the rule to CIDR (e.g.

command* - sets the command to ACCEPT or DROP the above-mentioned IPs

port - sets the port or ports to which the rule applies

  • Leave the field empty to apply the rule to all ports
  • Enter colon-separated ports to apply the rule to a port range (e.g. 1024:1028)
  • Enter comma-separated ports to apply the rule to the list of ports (e.g. 80,443,21)

protocol* - protocol type (TCP or UDP)

network_interface_id* - ID of the network interface
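
The following is an added example, not code from OnApp or from the original page: a client-side check that validates the address and port formats listed above and builds the JSON request body, so a malformed or unintentionally broad rule is caught before it is sent. The function names are hypothetical, and the 1-65535 port bounds are an assumption the page does not state.

```python
import ipaddress
import re

COMMANDS = {"ACCEPT", "DROP"}
PROTOCOLS = {"TCP", "UDP"}

def parse_port(text):
    # Assumption: valid ports are 1-65535; the page does not state bounds.
    if not re.fullmatch(r"[0-9]{1,5}", text) or not 1 <= int(text) <= 65535:
        raise ValueError(f"bad port: {text!r}")
    return int(text)

def check_port(spec):
    """'' = all ports, 'lo:hi' = range, 'a,b,c' = list (formats from the page)."""
    if spec == "":
        return
    if ":" in spec:
        lo, hi = spec.split(":", 1)
        if parse_port(lo) > parse_port(hi):
            raise ValueError(f"reversed port range: {spec!r}")
    else:
        for item in spec.split(","):
            parse_port(item)

def check_address(spec):
    """'' = all IPs, 'first-last' = range, 'net/prefix' = CIDR, else one IP."""
    if spec == "":
        return
    if "/" in spec:
        ipaddress.ip_network(spec, strict=False)
    elif "-" in spec:
        first, last = (ipaddress.ip_address(a) for a in spec.split("-", 1))
        if first.version != last.version or first > last:
            raise ValueError(f"bad IP range: {spec!r}")
    else:
        ipaddress.ip_address(spec)

def matches_everything(address, port):
    # Both fields empty means every IP on every port: worth a second look.
    return address == "" and port == ""

def build_rule(address, command, protocol, network_interface_id, port=""):
    if command not in COMMANDS or protocol not in PROTOCOLS:
        raise ValueError("command must be ACCEPT/DROP, protocol TCP/UDP")
    check_address(address)
    check_port(port)
    return {"firewall_rule": {"address": address, "command": command,
                              "protocol": protocol, "port": port,
                              "network_interface_id": str(network_interface_id)}}
```

Serialize the returned dictionary with json.dumps and pass it as the -d body of the JSON request shown above; call matches_everything first when a rule with both fields empty should require explicit confirmation.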
