Creates a Firewall to filter network traffic.
-
Use
rulesto create inbound and outbound access rules. Rule versions increment from1whenever the firewall'sruleschange. -
Use
devicesto assign a firewall to a service such as a Linode that is using legacy config profiles, a Linode interface or a NodeBalancer. The firewall’s rules are then applied to that service. Requires aread_writeuser grant to the device.-
For Linodes using Linode interfaces, firewalls need to be assigned to
linode_interfacesand not thelinodes. Firewall templates are available for both VPC Linode interfaces and public Linode interfaces, and come with pre-configured protection rules. -
For Linodes using legacy configuration profiles, firewalls are applied through the Linode. Public and VPC interfaces are subject to the firewall rules, while VLAN interfaces are not.
-
-
Currently, firewalls can be assigned to Linodes with legacy configuration profiles, Linode interfaces, and NodeBalancers.
- The same firewall can be assigned to multiple services at a time.
-
Use
firewall_idto assign a firewall when creating a Linode or when adding a Linode interface. -
A service can have one assigned firewall enabled at a time.
-
Assigned Linodes must not have any ongoing live migrations.
-
A
firewall_createevent is generated when this operation succeeds.
linode-cli firewalls create \
--label example-firewall \
--rules.outbound_policy ACCEPT \
--rules.inbound_policy DROP \
--rules.inbound '[{"protocol": "TCP", "ports": "22, 80, 8080, 443", "addresses": {"ipv4": ["192.0.2.0/24", "198.51.100.2/32"], "ipv6": ["2001:DB8::/128"]}, "action": "ACCEPT"}]' \
--rules.outbound '[{"protocol": "TCP", "ports": "49152-65535", "addresses": {"ipv4": ["192.0.2.0/24", "198.51.100.2/32"],"ipv6": ["2001:DB8::/128"]}, "action": "DROP", "label": "outbound-rule123", "description": "An example outbound rule description."}]'
<https://techdocs.akamai.com/cloud-computing/docs/getting-started-with-the-linode-cli>
firewall:read_write
<https://techdocs.akamai.com/linode-api/reference/get-started#oauth>