๐ง Firewalls
Get All
Returns a paginated list of accessible Firewalls.
LinodeClient linodeClient = new LinodeClient("apikey");
// Get All
List<Firewall> list = await linodeClient.Firewall.Get();Get One
Get a specific Firewall resource by its ID. The Firewallโs Devices will not be returned in the response. Instead, use the List Firewall Devices endpoint to review them.
LinodeClient linodeClient = new LinodeClient("apikey");
long firewallId = 109478;
// Get One
Firewall firewall = await linodeClient.Firewall.Get(firewallId);Create
Creates a Firewall to filter network traffic.
Use the
rulesproperty to create inbound and outbound access rules.Use the
devicesproperty to assign the Firewall to a service and apply its Rules to the device. Requiresread_writeUserโs Grants to the device. Currently, Firewalls can only be assigned to Linode instances.A Firewall can be assigned to multiple Linode instances at a time.
A Linode instance can have one active, assigned Firewall at a time. Additional disabled Firewalls can be assigned to a service, but they cannot be enabled if another active Firewall is already assigned to the same service.
Firewalls apply to all of a Linodeโs non-
vlanpurpose Configuration Profile Interfaces.Assigned Linodes must not have any ongoing live migrations.
A
firewall_createEvent is generated when this endpoint returns successfully.
LinodeClient linodeClient = new LinodeClient("apikey");
// New firewall
Firewall firewall = new Firewall();
// Name
firewall.Label = "super-firewall";
// By default, we establish that nothing can enter, except explicitly specified in the incoming rule as "Action ACCEPT."
firewall.Rules.InboundPolicy = eFirewallRulAction.DROP;
// Allow port 22 tcp IN
FirewallRule firewallRuleIn22Tcp = new FirewallRule();
firewallRuleIn22Tcp.Label = "tcp-22-in-allow";
firewallRuleIn22Tcp.Description = "Allow al traffic int 22 tcp";
firewallRuleIn22Tcp.Action = eFirewallRulAction.ACCEPT;
firewallRuleIn22Tcp.Protocol = eFirewallProtocol.TCP;
firewallRuleIn22Tcp.Ports = "22";
firewallRuleIn22Tcp.Addresses = new FirewallRuleAddresses();
firewallRuleIn22Tcp.Addresses.IPv4.Add("8.8.8.8/32");
firewallRuleIn22Tcp.Addresses.IPv4.Add("1.1.1.1/32");
firewallRuleIn22Tcp.Addresses.IPv6.Add("2a00:1450:4009:81f::200e/128");
firewallRuleIn22Tcp.Addresses.IPv6.Add("2606:4700::6810:84e5/128");
// Add rule to Firewall
firewall.Rules.Inbound.Add(firewallRuleIn22Tcp);
// Allow port 80 tcp IN
FirewallRule firewallRuleIn80Tcp = new FirewallRule();
firewallRuleIn80Tcp.Label = "tcp-80-in-allow";
firewallRuleIn80Tcp.Description = "Allow al traffic int 80 tcp";
firewallRuleIn80Tcp.Action = eFirewallRulAction.ACCEPT;
firewallRuleIn80Tcp.Protocol = eFirewallProtocol.TCP;
firewallRuleIn80Tcp.Ports = "80";
firewallRuleIn80Tcp.Addresses = new FirewallRuleAddresses();
firewallRuleIn80Tcp.Addresses.IPv4.Add("8.8.8.8/32");
firewallRuleIn80Tcp.Addresses.IPv6.Add("2606:4700::6810:84e5/128");
// Add rule to Firewall
firewall.Rules.Inbound.Add(firewallRuleIn80Tcp);
// By default, we establish that all traffic can exit, except explicitly specified in the outgoing rule as "Action DROP."
firewall.Rules.OutboundPolicy = eFirewallRulAction.ACCEPT;
// Deny port 27017 OUT
FirewallRule firewallRuleOut27017Tcp = new FirewallRule();
firewallRuleOut27017Tcp.Label = "tcp-27017-out-deny";
firewallRuleOut27017Tcp.Description = "Allow al traffic int 27017 tcp";
firewallRuleOut27017Tcp.Action = eFirewallRulAction.DROP;
firewallRuleOut27017Tcp.Protocol = eFirewallProtocol.TCP;
firewallRuleOut27017Tcp.Ports = "27017";
firewallRuleOut27017Tcp.Addresses = new FirewallRuleAddresses();
firewallRuleOut27017Tcp.Addresses.IPv4.Add("0.0.0.0/0");
firewallRuleOut27017Tcp.Addresses.IPv6.Add("::/0");
// Add rule to Firewall
firewall.Rules.Outbound.Add(firewallRuleOut27017Tcp);
// Tags
firewall.Tags = new List<string> { "22 in allow", "80 in allow", "27017 out deny" };
// Create
firewall = await linodeClient.Firewall.Create(firewall);Update
Updates information for a Firewall.
Assigned Linodes must not have any ongoing live migrations.
If a Firewallโs status is changed with this endpoint, a corresponding
firewall_enableorfirewall_disableEvent will be generated.
Some parts of a Firewallโs configuration cannot be manipulated by this endpoint:
A Firewallโs Devices cannot be set with this endpoint. Instead, use the Create Firewall Device and Delete Firewall Device endpoints to assign and remove this Firewall from Linode services.
A Firewallโs Rules cannot be changed with this endpoint. Instead, use the Update Firewall Rules endpoint to update your Rules.
A Firewallโs status can be set to
enabledordisabledby this endpoint, but it cannot be set todeleted. Instead, use the Delete Firewall endpoint to delete a Firewall.
LinodeClient linodeClient = new LinodeClient("apikey");
// Get one
Firewall firewall = await linodeClient.Firewall.Get(280563);
// Change
firewall.Label = "newName";
firewall.Status = eFirewallStatus.disabled;
// Update
firewall = await linodeClient.Firewall.Update(firewall);Delete
Delete a Firewall resource by its ID. This will remove all of the Firewallโs Rules from any Linode services that the Firewall was assigned to.
Assigned Linodes must not have any ongoing live migrations.
A
firewall_deleteEvent is generated when this endpoint returns successfully.
LinodeClient linodeClient = new LinodeClient("apikey");
// Get one
Firewall firewall = await linodeClient.Firewall.Get(280384);
// You can delete it by passing the object as a parameter
await linodeClient.Firewall.Delete(firewall);
// You can also delete it by passing the ID as a parameter.
await linodeClient.Firewall.Delete(280384);Rules List
LinodeClient linodeClient = new LinodeClient("apikey");
long firewallId = 280563;
// Get
FirewallRules firewallRules = await linodeClient.Firewall.GetRules(firewallId);Rules Update
Updates the inbound and outbound Rules for a Firewall.
Assigned Linodes must not have any ongoing live migrations.
Note: This command replaces all of a Firewallโs
inboundandoutboundrulesets with the values specified in your request.
LinodeClient linodeClient = new LinodeClient("apikey");
long firewallId = 280563;
// Get
FirewallRules firewallRules = await linodeClient.Firewall.GetRules(firewallId);
// Allow port 80 tcp IN
FirewallRule firewallRuleIn80Tcp = new FirewallRule();
firewallRuleIn80Tcp.Label = "tcp-80-in-allow";
firewallRuleIn80Tcp.Description = "Allow al traffic int 80 tcp";
firewallRuleIn80Tcp.Action = eFirewallRulAction.ACCEPT;
firewallRuleIn80Tcp.Protocol = eFirewallProtocol.TCP;
firewallRuleIn80Tcp.Ports = "80";
firewallRuleIn80Tcp.Addresses = new FirewallRuleAddresses();
firewallRuleIn80Tcp.Addresses.IPv4.Add("8.8.8.8/32");
firewallRuleIn80Tcp.Addresses.IPv6.Add("2606:4700::6810:84e5/128");
// Add rule to Firewall
firewallRules.Inbound.Add(firewallRuleIn80Tcp);
// Update Rule
firewallRules = await linodeClient.Firewall.UpdateRule(firewallId, firewallRules);Devices List
Returns a paginated list of a Firewallโs Devices. A Firewall Device assigns a Firewall to a Linode service (referred to as the Deviceโs entity). Currently, only Devices with an entity of type linode are accepted.
LinodeClient linodeClient = new LinodeClient("apikey");
long firewallId = 280563;
// Get
List<FirewallDevice> list = await linodeClient.Firewall.DeviceGet(firewallId);Device View
Returns information for a Firewall Device, which assigns a Firewall to a Linode service (referred to as the Deviceโs entity). Currently, only Devices with an entity of type linode are accepted.
LinodeClient linodeClient = new LinodeClient("apikey");
long firewallId = 280563;
long deviceId = 605747;
// Get
FirewallDevice firewallDevice = await linodeClient.Firewall.DeviceGet(firewallId, deviceId);Device Create
Creates a Firewall Device, which assigns a Firewall to a service (referred to as the Deviceโs entity) and applies the Firewallโs Rules to the device.
Currently, only Devices with an entity of type
linodeare accepted.A Firewall can be assigned to multiple Linode instances at a time.
A Linode instance can have one active, assigned Firewall at a time. Additional disabled Firewalls can be assigned to a service, but they cannot be enabled if another active Firewall is already assigned to the same service.
Assigned Linodes must not have any ongoing live migrations.
A
firewall_device_addEvent is generated when the Firewall Device is added successfully.
LinodeClient linodeClient = new LinodeClient("apikey");
long firewallId = 280563;
long linodeId = 52525566;
// Create device
FirewallDevice firewallDevice = await linodeClient.Firewall.DeviceCreate(firewallId, linodeId);Device Delete
Removes a Firewall Device, which removes a Firewall from the Linode service it was assigned to by the Device. This will remove all of the Firewallโs Rules from the Linode service. If any other Firewalls have been assigned to the Linode service, then those Rules will remain in effect.
Assigned Linodes must not have any ongoing live migrations.
A
firewall_device_removeEvent is generated when the Firewall Device is removed successfully.
LinodeClient linodeClient = new LinodeClient("apikey");
long firewallId = 280563;
long deviceId = 605801;
// Delete device
await linodeClient.Firewall.DeviceDelete(firewallId, deviceId);JSON
{
"id": 280903,
"label": "superFirewall",
"created": "2023-12-01T02:23:42",
"updated": "2023-12-01T02:26:19",
"status": "enabled",
"rules": {
"inbound": [
{
"action": "ACCEPT",
"addresses": {
"ipv4": [
"0.0.0.0/0"
],
"ipv6": [
"::/0"
]
},
"ports": "22",
"protocol": "TCP",
"label": "accept-inbound-SSH",
"description": "ssh"
},
{
"action": "ACCEPT",
"addresses": {
"ipv4": [
"0.0.0.0/0"
],
"ipv6": [
"::/0"
]
},
"ports": "80",
"protocol": "TCP",
"label": "accept-inbound-HTTP",
"description": "http"
},
{
"action": "ACCEPT",
"addresses": {
"ipv4": [
"0.0.0.0/0"
],
"ipv6": [
"::/0"
]
},
"ports": "443",
"protocol": "TCP",
"label": "accept-inbound-HTTPS",
"description": "https"
}
],
"inbound_policy": "DROP",
"outbound": [
{
"action": "DROP",
"addresses": {
"ipv4": [
"0.0.0.0/0"
],
"ipv6": [
"::/0"
]
},
"ports": "3306",
"protocol": "TCP",
"label": "accept-outbound-MySQL",
"description": "Deny MongoDB"
}
],
"outbound_policy": "ACCEPT"
},
"tags": []
}Last updated
Was this helpful?