Add Firewall Rule

Ensure that the following permissions are enabled before setting firewall rules for your virtual server:

  • Create own firewall rules
  • Destroy own firewall rules
  • Read own firewall rules
  • Update own firewall rules
  • Update own virtual server
  • Read own virtual server

To add a firewall rule, use the request listed below. After you add a rule, you must apply it; applying initiates the transaction that runs the firewall rules. See the Apply Firewall Rule section for details.

POST /virtual_machines/:virtual_machine_id/firewall_rules.xml
POST /virtual_machines/:virtual_machine_id/firewall_rules.json


XML Request example

curl -i -X POST -H 'Accept: application/xml' -H 'Content-type: application/xml' -u user:userpass -d '<?xml version="1.0" encoding="UTF-8"?><firewall_rule><address></address><command>DROP</command><port></port><protocol>TCP</protocol><network_interface_id>105</network_interface_id></firewall_rule>' --url http://onapp.test/virtual_machines/:virtual_machine_id/firewall_rules.xml

JSON Request example

curl -i -X POST -H 'Accept: application/json' -H 'Content-type: application/json' -u user:userpass -d '{"firewall_rule":{"address":"","command":"DROP","protocol":"TCP","network_interface_id":"105","port":""}}' --url http://onapp.test/virtual_machines/:virtual_machine_id/firewall_rules.json


Send the following parameters:

address* - sets the IP address for which this rule is active

  • Leave the field empty to apply this rule to all IPs
  • Enter hyphen-separated IPs to apply the rule to an IP range (e.g. 192.168.1.1-192.168.1.10)
  • Enter an IP with a slash to apply the rule to a CIDR block (e.g. 192.168.1.1/24)

command* - sets the action, ACCEPT or DROP, for the IPs given in address

port - sets the port or ports the rule applies to

  • Leave the field empty to apply the rule to all ports
  • Enter colon-separated ports to apply the rule to a port range (e.g. 1024:1028)
  • Enter comma-separated ports to apply the rule to a list of ports (e.g. 80,443,21)

protocol* - protocol type (TCP or UDP)

network_interface_id* - ID of the network interface
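
A client-side check of the parameter formats listed above, run before the request body is sent. This is an added example, not OnApp code: the function names are hypothetical, and the 1-65535 port bound, the rejection of mixed range-and-list port values, and the acceptance of a single IP are assumptions the page does not state.

```python
import ipaddress

COMMANDS = {"ACCEPT", "DROP"}
PROTOCOLS = {"TCP", "UDP"}


def check_address(address):
    """Allow '' (all IPs), one IP, a hyphen-separated range, or CIDR notation."""
    if "/" in address:
        # strict=False: the page's own CIDR example (192.168.1.1/24) has host bits set
        ipaddress.ip_network(address, strict=False)
    elif "-" in address:
        low, high = (ipaddress.ip_address(p) for p in address.split("-", 1))
        if low.version != high.version or low > high:
            raise ValueError(f"invalid IP range: {address!r}")
    elif address:
        ipaddress.ip_address(address)


def check_port(port):
    """Allow '' (all ports), one port, a colon-separated range, or a comma-separated list."""
    if port == "":
        return
    is_range = ":" in port
    parts = port.split(":") if is_range else port.split(",")
    if not all(p.isdigit() and 1 <= int(p) <= 65535 for p in parts):
        raise ValueError(f"invalid port value: {port!r}")
    if is_range and (len(parts) != 2 or int(parts[0]) > int(parts[1])):
        raise ValueError(f"invalid port range: {port!r}")


def build_rule(address, command, protocol, network_interface_id, port=""):
    """Return the JSON request body as a dict, or raise ValueError on bad input."""
    if command not in COMMANDS:
        raise ValueError(f"command must be one of {sorted(COMMANDS)}")
    if protocol not in PROTOCOLS:
        raise ValueError(f"protocol must be one of {sorted(PROTOCOLS)}")
    check_address(address)
    check_port(port)
    fields = {"address": address, "command": command, "protocol": protocol,
              "port": port, "network_interface_id": str(network_interface_id)}
    return {"firewall_rule": fields}


def is_match_all(rule):
    """True when address and port are both empty, so the rule covers all IPs and ports."""
    fields = rule["firewall_rule"]
    return fields["address"] == "" and fields["port"] == ""
```

Serialize the returned dict with `json.dumps` to get the `-d` body of the JSON request; `is_match_all` is a convenient gate for requiring review before a rule that covers every IP and port is submitted.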
