firewalls
Creates, updates, deletes, gets or lists a firewalls resource.
Overview
| Name | firewalls |
| Type | Resource |
| Id | linode.networking.firewalls |
Fields
The following fields are returned by SELECT queries:
- get_firewall
- get_firewalls
Returns information about this Firewall.
| Name | Datatype | Description |
|---|---|---|
id | integer | Filterable, Read-only The Firewall's unique ID. |
created | string (date-time) | Filterable, Read-only When this Firewall was created. (example: 2018-01-01T00:01:01) |
label | string | Filterable The Firewall's label, for display purposes only. Firewall labels have the following constraints: - Must begin and end with an alphanumeric character. - May only consist of alphanumeric characters, hyphens (-), underscores (_) or periods (.). - Cannot have two hyphens (--), underscores (__) or periods (..) in a row. - Must be between 3 and 32 characters. - Must be unique. (example: firewall123, pattern: ^a-zA-Z+$) |
rules | object | The inbound and outbound access rules to apply to the Firewall. A Firewall may have up to 25 rules across its inbound and outbound rulesets. Multiple rules are applied in order. If two rules conflict, the first rule takes precedence. For example, if the first rule accepts inbound traffic from an address, and the second rule drops inbound traffic the same address, the first rule applies and inbound traffic from that address is accepted. |
status | string | Read-only The status of this Firewall. - When a Firewall is first created its status is enabled. - Run the Update a firewall operation to set a Firewall's status to enabled or disabled. - Run the Delete a firewall operation to delete a Firewall. (example: enabled) |
tags | array | Filterable An array of tags applied to this object. Tags are for organizational purposes only. |
updated | string (date-time) | Filterable, Read-only When this Firewall was last updated. (example: 2018-01-02T00:01:01) |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
get_firewall | select | Get a specific Firewall resource by its ID. The Firewall's Devices will not be returned in the response. Instead, run the List firewall devices operation to review them. Learn more... Learn more... | ||
get_firewalls | select | page, page_size | Returns a paginated list of accessible Firewalls. Learn more... Learn more... | |
post_firewalls | insert | data__label, data__rules | Creates a Firewall to filter network traffic. - Use rules to create inbound and outbound access rules. Rule versions increment from 1 whenever the firewall's rules change.- Use devices to assign a firewall to a service such as a Linode that is using legacy config profiles, a Linode interface or a NodeBalancer. The firewall’s rules are then applied to that service. Requires a read_write user grant to the device.- For Linodes using Linode interfaces, firewalls need to be assigned to interfaces and not the linodes. Firewall templates are available for both VPC Linode interfaces and public Linode interfaces, and come with pre-configured protection rules.- For Linodes using legacy configuration profiles, firewalls are applied through the Linode. Public and VPC interfaces are subject to the firewall rules, while VLAN interfaces are not. - Currently, firewalls can be assigned to Linodes with legacy configuration profiles, Linode interfaces, and NodeBalancers. - The same firewall can be assigned to multiple services at a time. - Use firewall_id to assign a firewall when creating a Linode or when adding a Linode interface.- A service can have one assigned firewall enabled at a time. - Assigned Linodes must not have any ongoing live migrations. - A firewall_create event is generated when this operation succeeds.Learn more... Learn more... | |
put_firewall | replace | Updates information for a firewall. - Assigned Linodes must not have any ongoing live migrations. - If this operation changes a firewall's status, it generates a corresponding firewall_enable or firewall_disable event.This operation doesn't affect some parts of a firewall's configuration: - This operation doesn't set a firewall's devices. Instead, run the Create a firewall device and Delete a firewall device operations to assign and remove this firewall from services. - A firewall's rules can't be changed with this operation. Instead, run the Update firewall rules operation to update your rules. - Use this operation to set a firewall's status to enabled or disabled. But to set it to deleted, run the Delete a firewall operation.- An assigned default firewall can't be disabled. Learn more... Learn more... | ||
delete_firewall | delete | Delete a firewall. This also removes all of the firewall's rules from any services the firewall was assigned to. - Assigned Linodes must not have any ongoing live migrations. - A firewall_delete event is generated when this operation returns successfully.- An assigned default firewall can't be deleted. Learn more... Learn more... |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
page | integer | The page of a collection to return. |
page_size | integer | The number of items to return per page. |
SELECT examples
- get_firewall
- get_firewalls
Get a specific Firewall resource by its ID. The Firewall's Devices will not be returned in the response. Instead, run the List firewall devices operation to review them.
Learn more...
Learn more...
SELECT
id,
created,
label,
rules,
status,
tags,
updated
FROM linode.networking.firewalls;
Returns a paginated list of accessible Firewalls.
Learn more...
Learn more...
SELECT
data,
page,
pages,
results
FROM linode.networking.firewalls
WHERE page = '{{ page }}'
AND page_size = '{{ page_size }}';
INSERT examples
- post_firewalls
- Manifest
Creates a Firewall to filter network traffic.
- Use rules to create inbound and outbound access rules. Rule versions increment from 1 whenever the firewall's rules change.
- Use devices to assign a firewall to a service such as a Linode that is using legacy config profiles, a Linode interface or a NodeBalancer. The firewall’s rules are then applied to that service. Requires a read_write user grant to the device.
- For Linodes using Linode interfaces, firewalls need to be assigned to interfaces and not the linodes. Firewall templates are available for both VPC Linode interfaces and public Linode interfaces, and come with pre-configured protection rules.
- For Linodes using legacy configuration profiles, firewalls are applied through the Linode. Public and VPC interfaces are subject to the firewall rules, while VLAN interfaces are not.
- Currently, firewalls can be assigned to Linodes with legacy configuration profiles, Linode interfaces, and NodeBalancers.
- The same firewall can be assigned to multiple services at a time.
- Use firewall_id to assign a firewall when creating a Linode or when adding a Linode interface.
- A service can have one assigned firewall enabled at a time.
- Assigned Linodes must not have any ongoing live migrations.
- A firewall_create event is generated when this operation succeeds.
Learn more...
Learn more...
INSERT INTO linode.networking.firewalls (
data__label,
data__rules,
data__tags
)
SELECT
'{{ label }}' --required,
'{{ rules }}' --required,
'{{ tags }}'
RETURNING
id,
created,
label,
rules,
status,
tags,
updated
;
# Description fields are for documentation purposes
- name: firewalls
props:
- name: label
value: string
description: >
__Filterable__ The Firewall's label, for display purposes only.
Firewall labels have the following constraints:
- Must begin and end with an alphanumeric character.
- May only consist of alphanumeric characters, hyphens (`-`), underscores (`_`) or periods (`.`).
- Cannot have two hyphens (`--`), underscores (`__`) or periods (`..`) in a row.
- Must be between 3 and 32 characters.
- Must be unique.
- name: rules
value: object
description: >
The inbound and outbound access rules to apply to the Firewall.
A Firewall may have up to 25 rules across its inbound and outbound rulesets.
Multiple rules are applied in order. If two rules conflict, the first rule takes precedence. For example, if the first rule accepts inbound traffic from an address, and the second rule drops inbound traffic the same address, the first rule applies and inbound traffic from that address is accepted.
- name: tags
value: array
description: >
__Filterable__ An array of tags applied to this object. Tags are for organizational purposes only.
REPLACE examples
- put_firewall
Updates information for a firewall.
- Assigned Linodes must not have any ongoing live migrations.
- If this operation changes a firewall's status, it generates a corresponding firewall_enable or firewall_disable event.
This operation doesn't affect some parts of a firewall's configuration:
- This operation doesn't set a firewall's devices. Instead, run the Create a firewall device and Delete a firewall device operations to assign and remove this firewall from services.
- A firewall's rules can't be changed with this operation. Instead, run the Update firewall rules operation to update your rules.
- Use this operation to set a firewall's status to enabled or disabled. But to set it to deleted, run the Delete a firewall operation.
- An assigned default firewall can't be disabled.
Learn more...
Learn more...
REPLACE linode.networking.firewalls
SET
data__label = '{{ label }}',
data__status = '{{ status }}',
data__tags = '{{ tags }}'
WHERE
RETURNING
id,
created,
label,
rules,
status,
tags,
updated;
DELETE examples
- delete_firewall
Delete a firewall. This also removes all of the firewall's rules from any services the firewall was assigned to.
- Assigned Linodes must not have any ongoing live migrations.
- A firewall_delete event is generated when this operation returns successfully.
- An assigned default firewall can't be deleted.
Learn more...
Learn more...
DELETE FROM linode.networking.firewalls;